From c4540cd3c36f4f84df82c1b0ef8b38ca9afec320 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Sat, 3 Feb 2024 22:38:14 -0500 Subject: [PATCH 1/4] moving _baselined assignement to prevent race condition --- bbot/core/helpers/diff.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/bbot/core/helpers/diff.py b/bbot/core/helpers/diff.py index fd8d3474f..3a385a4db 100644 --- a/bbot/core/helpers/diff.py +++ b/bbot/core/helpers/diff.py @@ -7,6 +7,8 @@ log = logging.getLogger("bbot.core.helpers.diff") +from time import sleep + class HttpCompare: def __init__(self, baseline_url, parent_helper, method="GET", allow_redirects=False, include_cache_buster=True): @@ -19,7 +21,6 @@ def __init__(self, baseline_url, parent_helper, method="GET", allow_redirects=Fa async def _baseline(self): if not self._baselined: - self._baselined = True # vanilla URL if self.include_cache_buster: url_1 = self.parent_helper.add_get_params(self.baseline_url, self.gen_cache_buster()).geturl() @@ -86,6 +87,7 @@ async def _baseline(self): self.baseline_ignore_headers += [x.lower() for x in dynamic_headers] self.baseline_body_distance = self.compare_body(baseline_1_json, baseline_2_json) + self._baselined = True def gen_cache_buster(self): return {self.parent_helper.rand_string(6): "1"} From 499ec3e646fc6a0f2063c7a36c1d78ed9d26b7b1 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Sat, 3 Feb 2024 22:39:52 -0500 Subject: [PATCH 2/4] removing debug sleep import --- bbot/core/helpers/diff.py | 2 -- 1 file changed, 2 deletions(-) diff --git a/bbot/core/helpers/diff.py b/bbot/core/helpers/diff.py index 3a385a4db..670ab83f5 100644 --- a/bbot/core/helpers/diff.py +++ b/bbot/core/helpers/diff.py @@ -7,8 +7,6 @@ log = logging.getLogger("bbot.core.helpers.diff") -from time import sleep - class HttpCompare: def __init__(self, baseline_url, parent_helper, method="GET", allow_redirects=False, include_cache_buster=True): From c302cb48f83bad5233a0635579c2673916e4fe39 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Sat, 3 Feb 2024 22:42:10 -0500 Subject: [PATCH 3/4] fix whitespace --- bbot/core/helpers/diff.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbot/core/helpers/diff.py b/bbot/core/helpers/diff.py index 670ab83f5..ca83eb915 100644 --- a/bbot/core/helpers/diff.py +++ b/bbot/core/helpers/diff.py @@ -85,7 +85,7 @@ async def _baseline(self): self.baseline_ignore_headers += [x.lower() for x in dynamic_headers] self.baseline_body_distance = self.compare_body(baseline_1_json, baseline_2_json) - self._baselined = True + self._baselined = True def gen_cache_buster(self): return {self.parent_helper.rand_string(6): "1"} From 38982add006a04e3358a13a3d04d748345124791 Mon Sep 17 00:00:00 2001 From: liquidsec Date: Sat, 3 Feb 2024 22:44:08 -0500 Subject: [PATCH 4/4] lowering bypass403 collapse threshold --- bbot/modules/bypass403.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bbot/modules/bypass403.py b/bbot/modules/bypass403.py index 182f4b4db..1ea884c84 100644 --- a/bbot/modules/bypass403.py +++ b/bbot/modules/bypass403.py @@ -127,7 +127,7 @@ async def handle_event(self, event): self.debug(e) return - collapse_threshold = 10 + collapse_threshold = 6 results = await self.do_checks(compare_helper, event, collapse_threshold) if results is None: return