Closed unionor closed 11 years ago
There have been some thoughts on it, but in the end it always seemed futile. Imagine a dummy user forcing --level=5 --risk=3 together with that switch. The number of requests in the detection phase would go way up. If anybody has a smart idea, speak up.
In that case, you can set a maximum requests value, or ask for confirmation before sending multiple requests.
To avoid opening a new issue: today I was in front of a web app in ASP, using Sybase, and it's protected by an unknown filter (at least to me). I tried the MSSQL tamper scripts but none of them worked. Any ideas?
Try to detect it with https://code.google.com/p/waffit, or you have to analyse manually what is going on (e.g. maybe special characters are filtered out, is there any error, ...)
The site http://xxxxxxxxxxxxxxxxx seems to be behind a WAF
Reason: The server header is different when an attack is detected. The server header for a normal response is "Microsoft-IIS/6.0", while the server header a response to an attack is "WebProxy/6.0.",
Number of requests: 13
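The header comparison reported in the output above, as an added example that is not part of the original thread or of either tool: it diffs a baseline response against the response to a flagged request and shows which headers reveal that a different component answered. The two Server values are taken from the output above; the status codes, the other headers and all function names are constructed for illustration.

```python
# Added example (not from the thread): diff the headers of two captured
# HTTP responses to see what an intermediary reveals about itself.

# Constructed sample responses; only the two Server values come from the thread.
BASELINE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Content-Type: text/html\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "\r\n<html>ok</html>"
)
FLAGGED = (
    "HTTP/1.1 403 Forbidden\r\n"
    "Server: WebProxy/6.0\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html>denied</html>"
)

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, {lowercased header: value})."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def header_diff(baseline_raw, flagged_raw):
    """Report the status change and headers changed, removed or added."""
    s1, h1 = parse_response(baseline_raw)
    s2, h2 = parse_response(flagged_raw)
    return {
        "status": (s1, s2),
        "changed": {k: (h1[k], h2[k])
                    for k in h1.keys() & h2.keys() if h1[k] != h2[k]},
        "removed": sorted(h1.keys() - h2.keys()),
        "added": sorted(h2.keys() - h1.keys()),
    }

def reveals_intermediary(diff):
    """True when the Server header differs between the two responses."""
    return "server" in diff["changed"]

if __name__ == "__main__":
    d = header_diff(BASELINE, FLAGGED)
    print(d, reveals_intermediary(d))
```

Running the same comparison against your own proxy's block page shows whether it should be configured to send a uniform Server header.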
That's a BlueCoat WebProxy 6.0. You can try --tamper=bluecoat. If you take a look inside you'll see what's going on. You could try to use those two tricks manually to see if they are helping you.
Remember, my target is Sybase+ASP and the bluecoat script is only for MySQL.
It's a false statement. Going to update it.
Duplicate of #13
What about automatic selection of tamper scripts?