Implements sqlmapproject#3940

stamparm · stamparm · commit d34619232fe2 · 2019-09-26T10:36:47.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.9.20"
+VERSION = "1.3.9.21"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/tamper/xforwardedfor.py b/tamper/xforwardedfor.py
@@ -16,20 +16,29 @@ def dependencies():
     pass
 
 def randomIP():
-    numbers = []
+    octets = []
 
-    while not numbers or numbers[0] in (10, 172, 192):
-        numbers = random.sample(xrange(1, 255), 4)
+    while not octets or octets[0] in (10, 172, 192):
+        octets = random.sample(xrange(1, 255), 4)
 
-    return '.'.join(str(_) for _ in numbers)
+    return '.'.join(str(_) for _ in octets)
 
 def tamper(payload, **kwargs):
     """
-    Append a fake HTTP header 'X-Forwarded-For'
+    Append a fake HTTP header 'X-Forwarded-For' (and alike)
     """
 
     headers = kwargs.get("headers", {})
     headers["X-Forwarded-For"] = randomIP()
     headers["X-Client-Ip"] = randomIP()
     headers["X-Real-Ip"] = randomIP()
+    headers["CF-Connecting-IP"] = randomIP()
+    headers["True-Client-IP"] = randomIP()
+
+    # Reference: https://developer.chrome.com/multidevice/data-compression-for-isps#proxy-connection
+    headers["Via"] = "1.1 Chrome-Compression-Proxy"
+
+    # Reference: https://wordpress.org/support/topic/blocked-country-gaining-access-via-cloudflare/#post-9812007
+    headers["CF-IPCountry"] = random.sample(('GB', 'US', 'FR', 'AU', 'CA', 'NZ', 'BE', 'DK', 'FI', 'IE', 'AT', 'IT', 'LU', 'NL', 'NO', 'PT', 'SE', 'ES', 'CH'), 1)[0]
+
     return payload
