27 changes: 19 additions & 8 deletions cmd/blazehttp/main.go
@@ -28,6 +28,7 @@ var (
c = 10 // default 10 concurrent workers
mHost string // modify host header
requestPerSession bool // send request per session
wafStatusCode int // manually specify WAF block status code
)

func init() {
@@ -41,6 +42,7 @@ func init() {
flag.IntVar(&timeout, "timeout", 1000, "connection timeout, default 1000 ms")
flag.StringVar(&mHost, "H", "", "modify host header")
flag.BoolVar(&requestPerSession, "rps", true, "send request per session")
flag.IntVar(&wafStatusCode, "w", 0, "manually specify WAF block status code (0 means auto-detect)")
flag.Parse()
if url, err := url.Parse(target); err != nil || url.Scheme == "" || url.Host == "" {
fmt.Println("invalid target url, example: http://chaitin.com:9443")
@@ -60,14 +62,23 @@ func main() {
addr = u.Host
}

isWaf, blockStatusCode, err := utils.GetWafBlockStatusCode(target, mHost)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
if !isWaf {
fmt.Println("目标网站未开启waf")
os.Exit(1)
var blockStatusCode int
if wafStatusCode != 0 {
// Use manually specified WAF status code
blockStatusCode = wafStatusCode
fmt.Printf("使用手动指定的WAF状态码: %d\n", blockStatusCode)
} else {
// Auto-detect WAF status code
isWaf, detectedStatusCode, err := utils.GetWafBlockStatusCode(target, mHost)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
if !isWaf {
fmt.Println("目标网站未开启waf")
os.Exit(1)
}
blockStatusCode = detectedStatusCode
}

fileList := make([]string, 0)
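Review bot: A non-zero `-w` value is copied into `blockStatusCode` unchecked and the `utils.GetWafBlockStatusCode` probe is skipped, so a negative, out-of-range or mistyped code is never caught and the run proceeds with no confirmation that a WAF answers on the target. The block/pass figures would then presumably be computed against a status the WAF never returns, which reads as a detection result rather than as a misconfiguration. I would reject impossible values right after `flag.Parse()` in `init()`, e.g. `if wafStatusCode != 0 && (wafStatusCode < 100 || wafStatusCode > 599) { fmt.Println("invalid WAF status code"); os.Exit(1) }`, and say in the `-w` help text that a manual code disables WAF detection. Both `init()` and `main()` continue outside the visible hunks.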
25 changes: 15 additions & 10 deletions gui/main.go
@@ -251,7 +251,7 @@ func MakeRunForm(w fyne.Window, outputCh chan string, resultCh chan *worker.Resu

// timeout
statusCode := widget.NewEntry()
statusCode.SetText("403")
statusCode.SetText("0")
statusCode.Validator = validation.NewRegexp(`^\d+$`, "StatusCode必须是数字")

advanceForm := &widget.Form{
@@ -472,15 +472,20 @@ func run(target, mHost string, c, statusCode int, resultCh chan *worker.Result,
addr = u.Host
}

isWaf, blockStatusCode, err := utils.GetWafBlockStatusCode(target, mHost)
if err != nil {
return err
}
if !isWaf {
return errors.New("目标网站未开启waf")
}
if blockStatusCode != statusCode {
return fmt.Errorf("探测到拦截状态码: %d 与配置拦截状态码: %d 不一致", blockStatusCode, statusCode)
var blockStatusCode int
if statusCode != 0 {
// 使用手动指定的WAF状态码
blockStatusCode = statusCode
} else {
// 自动检测WAF状态码
isWaf, detectedStatusCode, err := utils.GetWafBlockStatusCode(target, mHost)
if err != nil {
return err
}
if !isWaf {
return errors.New("目标网站未开启waf")
}
blockStatusCode = detectedStatusCode
}

worker := worker.NewWorker(
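Review bot: With the mismatch check removed from `run`, the form validator in `MakeRunForm` is the only guard on a manually entered code, and `^\d+$` still accepts values such as `7` or `99999`, which are then used as the block status without any probe. A mistyped code therefore produces a complete-looking report whose blocked/passed split does not describe the WAF, where the old code failed with an explicit mismatch error. I would tighten the pattern to `^(0|[1-5]\d{2})$` so only `0` (auto-detect) or a real HTTP status passes. The stale `// timeout` comment above the entry could become `// WAF block status code, 0 = auto-detect`. Both functions continue outside the visible hunks, so whether `run` can surface a warning when a manual code disagrees with a probe is not visible here.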