Re: [Mod-security-developers] LibModsecurity
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] LibModsecurity
|
From: Felipe C. <FC...@tr...> - 2016-02-22 16:04:29
|
Hi Fakhri, The complete documentation can be found embedded in the classes source, for instance: https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/transaction.cc#L226-L248 Depending on your editor, this information may be available as a tooltip (or similar), while you coding. Also, you can use other implementation of the library as a guide to your development. In library git repository you will be able to find the benchmark utility and the regression test utility: - https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/test/benchmark/benchmark.cc - https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/test/regression/regression.cc Another implementation available is the pcap one: - https://github.com/SpiderLabs/ModSecurity-pcap/blob/master/pcap.cc Br., Felipe “Zimmerle” Costa Security Researcher, Lead Developer ModSecurity. Trustwave | SMART SECURITY ON DEMAND www.trustwave.com <http://www.trustwave.com/> On 2/22/16, 8:41 AM, "Fakhri Zulkifli" <d0l...@ya...<mailto:d0l...@ya...>> wrote: Hello, i'm having a hard time in finding the function call that actually detect injection payload (e.g <script>alert(1)</script>). The payload does not necessarily need to exactly like the one i provided in the brackets. Based on the code flow (http://scanmail.trustwave.com/?c=4062&d=r_TK1jviw3jweOIGGWeJS_6JQ1rHQ8KwyJOzHmvrnw&s=5&u=https%3a%2f%2fgithub%2ecom%2fSpiderLabs%2fModSecurity%2fblob%2flibmodsecurity%2fexamples%2fsimple%5fexample%5fusing%5fc%2ftest%2ec) , the code basically just initiate the rules to the modsecurity instance and also try to initiate remote rules and i don't find any function call that actually does the payload detection, is it already implemented? maybe i missed somewhere. Thanks. ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://scanmail.trustwave.com/?c=4062&d=r_TK1jviw3jweOIGGWeJS_6JQ1rHQ8KwyJOxTDzqmw&s=5&u=http%3a%2f%2fpubads%2eg%2edoubleclick%2enet%2fgampad%2fclk%3fid%3d272487151%26iu%3d%2f4140 _______________________________________________ mod-security-developers mailing list mod...@li...<mailto:mod...@li...> http://scanmail.trustwave.com/?c=4062&d=r_TK1jviw3jweOIGGWeJS_6JQ1rHQ8KwyMazQD7tnA&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-developers ModSecurity Services from Trustwave's SpiderLabs: https://www.trustwave.com/spiderLabs.php ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
