Merge pull request #599 from blacklanternsecurity/more_paramminer_tweaks

better error handling paramminer
blacklanternsecurity · Jul 12, 2023 · eefa19a · eefa19a
2 parents dc2ac69 + 170ddc4
commit eefa19a
Show file tree

Hide file tree

Showing 2 changed files with 13 additions and 7 deletions.
diff --git a/bbot/core/helpers/diff.py b/bbot/core/helpers/diff.py
@@ -146,7 +146,7 @@ async def compare(
             url, headers=headers, cookies=cookies, follow_redirects=allow_redirects, method=method
         )
 
-        if not subject_response:
+        if subject_response is None:
             # this can be caused by a WAF not liking the header, so we really arent interested in it
             return (True, "403", reflection, subject_response)
 

diff --git a/bbot/modules/paramminer_headers.py b/bbot/modules/paramminer_headers.py
@@ -98,7 +98,7 @@ def rand_string(self, *args, **kwargs):
 
     async def do_mining(self, wl, url, batch_size, compare_helper):
         results = set()
-        abort_threshold = 25
+        abort_threshold = 15
         try:
             for group in self.helpers.grouper(wl, batch_size):
                 async for result, reasons, reflection in self.binary_search(compare_helper, url, group):
@@ -133,7 +133,7 @@ async def handle_event(self, event):
         try:
             compare_helper = self.helpers.http_compare(url)
         except HttpCompareError as e:
-            self.debug(e)
+            self.debug(f"Error initializing compare helper: {e}")
             return
         batch_size = await self.count_test(url)
         if batch_size == None or batch_size <= 0:
@@ -143,8 +143,11 @@ async def handle_event(self, event):
 
         self.event_dict[url] = (event, batch_size)
 
-        if await compare_helper.canary_check(url, mode=self.compare_mode) == False:
-            self.verbose(f'Aborting "{url}" due to failed canary check')
+        try:
+            if not await compare_helper.canary_check(url, mode=self.compare_mode):
+                raise HttpCompareError("failed canary check")
+        except HttpCompareError as e:
+            self.verbose(f'Aborting "{url}" ({e})')
             return
 
         wl = set(self.wl)
@@ -215,8 +218,11 @@ async def check_batch(self, compare_helper, url, header_list):
 
     async def finish(self):
         for url, (event, batch_size) in self.event_dict.items():
-            compare_helper = self.helpers.http_compare(url)
-
+            try:
+                compare_helper = self.helpers.http_compare(url)
+            except HttpCompareError as e:
+                self.debug(f"Error initializing compare helper: {e}")
+                return
             untested_matches = set()
             for k, s in self.matched_words.items():
                 if k != url: