修复走私检测插件某些情况下的误报

boy-hack · boy-hack · commit ca22c8bf8926 · 2019-10-02T01:00:04.000+08:00
diff --git a/W13SCAN/plugins/PerScheme/http_smuggling.py b/W13SCAN/plugins/PerScheme/http_smuggling.py
@@ -51,10 +51,13 @@ def audit(self):
             except:
                 continue
             if r.status_code == 403 and resp_str != r.text:
-                out.success(url, self.name, method='POST', **payload_headers, type="CL.TE型", data='0\\r\\n\\r\\nS', )
-                return
+                r2 = requests.get(url, headers=headers)
+                if r2 == 200:
+                    out.success(url, self.name, method='POST', **payload_headers, type="CL.TE型",
+                                data='0\\r\\n\\r\\nS', )
+                    return
         # request_smuggling_te_cl
-        for i in range(cycle+1):
+        for i in range(cycle + 1):
             payload_headers = {
                 "Content-Length": "3",
                 "Transfer-Encoding": "chunked"
@@ -72,6 +75,8 @@ def audit(self):
             except:
                 continue
             if r.status_code == 403 and resp_str != r.text:
-                out.success(url, self.name, method='POST', **payload_headers, type="TE.CL型",
-                            data='1\\r\\nD\\r\\n0\\r\\n\\r\\nS')
-                return
+                r2 = requests.get(url, headers=headers)
+                if r2.status_code == 200:
+                    out.success(url, self.name, method='POST', **payload_headers, type="TE.CL型",
+                                data='1\\r\\nD\\r\\n0\\r\\n\\r\\nS')
+                    return
