| From | Sent On | Attachments |
|---|---|---|
| Ivan Ristic | Jan 5, 2005 5:12 am | |

| Subject: | EVDL Detect thoughts | |
|---|---|---|
| From: | Ivan Ristic (iva...@webkreator.com) | |
| Date: | Jan 5, 2005 5:12:01 am | |
| List: | org.oasis-open.lists.was | |
I have an idea for the Detect part to reuse some parts I developed for Protect. I am posting an example detection recipe below. Thoughts?
```xml
<detectRecipe maintainSession="false">

  <!-- Each message instance represents one HTTP request/response pair.
       The following is a simple GET request. -->
  <message name="m1"
           method="GET"
           uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php?p=1&amp;p=2" />

  <!-- The following message will be executed 500 ms after m1 is completed. -->
  <message name="m2"
           method="GET"
           uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php"
           version="HTTP/1.0"
           waitFor="m1"
           delay="500">
    <addParam name="highlight" value="xyz" />
    <addHeader ... />
    <setCookie ... />
  </message>

  <!-- Example of a POST request with a raw body supplied.
       The request will be made after m2 completes. -->
  <message name="m3"
           method="POST"
           uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php"
           waitFor="m2">
    <setBody> ... </setBody>
  </message>

  <!-- One or more detection rulesets follow here, in a format that is
       pretty much the same as that of the Detect part. The rules should be
       able to reference data from all messages specified.
       For example: m1.response.raw_body. -->

</detectRecipe>
```
-- Ivan Ristic (http://www.modsecurity.org)
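
The following is an added example, not part of the original message or of any EVDL implementation: a sketch of how a scanner might load such a recipe, expand the `${context.*}` placeholders, and order the messages by their `waitFor` dependencies without sending anything. The sample recipe is constructed from the one above (listed out of order on purpose, elided parts replaced with placeholder values), and the rule that `addParam` appends to the query string is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

# Constructed sample: the recipe from the message, with elided parts given
# placeholder values and "&" escaped so the XML parses.
RECIPE = """<detectRecipe maintainSession="false">
  <message name="m3" method="POST" waitFor="m2"
    uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php">
    <setBody>constructed-body</setBody>
  </message>
  <message name="m2" method="GET" version="HTTP/1.0" waitFor="m1" delay="500"
    uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php">
    <addParam name="highlight" value="xyz" />
  </message>
  <message name="m1" method="GET"
    uri="${context.scheme}://${context.hostname}/${context.basedir}/vulnerable.php?p=1&amp;p=2" />
</detectRecipe>"""

def expand(text, context):
    """Substitute ${context.key}; an unknown key raises KeyError."""
    return re.sub(r"\$\{context\.(\w+)\}", lambda m: context[m.group(1)], text)

def plan(recipe_xml, context):
    """Return the messages as dicts, ordered so each follows its waitFor."""
    msgs = {m.get("name"): m for m in ET.fromstring(recipe_xml).iter("message")}
    ordered, done = [], set()

    def visit(name, stack):
        if name in done:
            return
        if name in stack:
            raise ValueError("waitFor cycle involving " + name)
        if name not in msgs:
            raise ValueError("waitFor names undefined message " + name)
        m = msgs[name]
        if m.get("waitFor"):
            visit(m.get("waitFor"), stack + [name])
        url = expand(m.get("uri"), context)
        params = [(p.get("name"), p.get("value")) for p in m.findall("addParam")]
        if params:  # assumption: addParam appends to the query string
            url += ("&" if "?" in url else "?") + urlencode(params)
        ordered.append({"name": name, "method": m.get("method"), "url": url,
                        "after": m.get("waitFor"), "delay_ms": int(m.get("delay", "0")),
                        "body": m.findtext("setBody")})
        done.add(name)

    for name in msgs:
        visit(name, [])
    return ordered
```

Rejecting cycles and undefined `waitFor` targets at load time keeps a malformed recipe from stalling a scan partway through.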





