xwaf - automatic waf(web application firewall) bypass tool.

xwaf – automatic waf(web application firewall) bypass tool.

LEGAL DISCLAMER
The author does not hold any responsibility about the bad use of this script, remember that attacking targets without prior concent its ilegal and punish by law, this script was build to show how resource files can automate tasks.

Xwaf is a python script for waf(web application firewall) automatic bypass tool, xwaf and bypass_waf more intelligent than can be no intervention and automatic burst breaking waf.
Support Database:
+ MySQL
+ Microsoft SQL Server
+ Oracle
+ PostgreSQL
+ Microsoft Access
+ SQLite
+ IBM DB2
+ Firebird
+ SAP MaxDB
+ Sybase
+ HSQLDB

Dependencies:
+ figlet
+ Python 3.5.x
+ exp10it, blessings, progressive, PyMySQL, readline

TODO:
1> xwaf support memory, the operation will continue to run after the next interrupt will be interrupted when the last command to continue running, will not re-experience all of the above functions
2> The various get_xxx_need_tamper functions are handled using all the waf scripts for the current url’s database type (eg.MySQL)
(In the sqlmap tamper directory) permutation and combination of the results with – hex or – no – cast options for brute force if – hex is no longer used
–no-cast try, – no-cast work is no longer used – hex try
3> need py3.5
4> usage:
Support 3 kinds of usage:
Python3 xwaf.py “http://127.0.0.1/1.php?id=1”
No – proxy parameter is not the agent
Python3 xwaf.py “http://127.0.0.1/1.php?id=1” –proxy
There – proxy parameter with the agent, each time the implementation of the new sqlmap command automatically switch from the Internet to obtain the agent
Python3 xwaf.py
Enter the relevant parameters as prompted

Hint: If the process is interrupted, and then run the same command can be followed from the breakpoint near the storm

5> xwaf After running in the /root/.sqlmap/output/127.0.0.1 directory ini file to see the relevant information, bypassed_command is a successful storm Waf sqlmap statement

Changelog [2017-01-18]
+ Fix line128 the slef into self
+ Db_name at fix line128 is undefined

Usage and install:

Source: https://github.com/3xp10it