-
Notifications
You must be signed in to change notification settings - Fork 0
/
waf_bypass.py
64 lines (52 loc) · 2.15 KB
/
waf_bypass.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
import json
from mitmproxy import ctx
from urllib.parse import urlparse
# Load configuration from the JSON file
with open('waf_config.json', 'r') as config_file:
config = json.load(config_file)
all_headers = []
response_data_list = []
# Load all headers from the file and append to the list
with open('waf_headers.txt', 'r') as f:
lines = f.readlines()
all_headers.extend(lines)
def request(flow):
# Get the hostname from the request URL using urlparse
parsed_url = urlparse(flow.request.url)
hostname = parsed_url.hostname
# Check if the hostname matches the one from the configuration
if hostname and hostname == config["hostname"]:
# Avoid an infinite loop by not replaying already replayed requests
if flow.is_replay:
return
if "view" in ctx.master.addons:
ctx.master.commands.call("view.flows.duplicate", [flow])
for header in all_headers:
header = header.strip().lower()
modified_flow = flow.copy()
modified_flow.request.headers['user-agent'] = config["user_agent"]
modified_flow.request.headers[header] = "127.0.0.1"
ctx.master.commands.call("replay.client", [modified_flow])
def response(flow):
# Get the hostname from the request URL using urlparse
parsed_url = urlparse(flow.request.url)
hostname = parsed_url.hostname
# Check if the hostname matches the one from the configuration
if hostname and hostname == config["hostname"]:
# Store the response status code, URL, headers, and modified request headers in a dictionary
response_data = {
"url": flow.request.url,
"status_code": flow.response.status_code,
"request_headers": dict(flow.request.headers),
"response_headers": dict(flow.response.headers)
}
response_data_list.append(response_data)
# Save the captured data after each response
save_to_file()
def save_to_file():
with open("waf_response.json", "w") as f:
json.dump(response_data_list, f, indent=4)
addons = [
# Register the above functions as event handlers
request, response
]