First, let's compare two of sqlmap's tamper scripts to see which libraries or algorithms a tamper script depends on.
sqlmap uses a tamper script by importing it and then calling a function in it, so a tamper script we write ourselves must provide the same functions for sqlmap to call. What mainly matters is getting the algorithm right.
Let's look at base64encode.py:
#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

from lib.core.convert import encodeBase64
from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    Base64-encodes all characters in a given payload

    >>> tamper("1' AND SLEEP(5)#")
    'MScgQU5EIFNMRUVQKDUpIw=='
    """

    return encodeBase64(payload, binary=False) if payload else payload
Now look at charencode.py:
#!/usr/bin/env python

"""
Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""

import string

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOWEST

def dependencies():
    pass

def tamper(payload, **kwargs):
    """
    URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %53%45%4C%45%43%54)

    Tested against:
        * Microsoft SQL Server 2005
        * MySQL 4, 5.0 and 5.5
        * Oracle 10g
        * PostgreSQL 8.3, 8.4, 9.0

    Notes:
        * Useful to bypass very weak web application firewalls that do not url-decode the request before processing it through their ruleset
        * The web server will anyway pass the url-decoded version behind, hence it should work against any DBMS

    >>> tamper('SELECT FIELD FROM%20TABLE')
    '%53%45%4C%45%43%54%20%46%49%45%4C%44%20%46%52%4F%4D%20%54%41%42%4C%45'
    """

    retVal = payload

    if payload:
        retVal = ""
        i = 0

        while i < len(payload):
            if payload[i] == '%' and (i < len(payload) - 2) and payload[i + 1:i + 2] in string.hexdigits and payload[i + 2:i + 3] in string.hexdigits:
                retVal += payload[i:i + 3]
                i += 3
            else:
                retVal += '%%%.2X' % ord(payload[i])
                i += 1

    return retVal
The two scripts have several parts in common:
1. Both import PRIORITY from the lib.core.enums module, which appears to define the priority levels:
from lib.core.enums import PRIORITY
2. Both assign a variable named __priority__, which defines the script's priority attribute:
In base64encode.py:
__priority__ = PRIORITY.LOW
In charencode.py:
__priority__ = PRIORITY.LOWEST
3. Both define a function named dependencies whose body is just pass:
def dependencies(): pass
4. Both define a function named tamper that takes two parameters: payload, the payload before processing, and **kwargs, which receives keyword arguments as key-value pairs.
After receiving the payload we apply the appropriate algorithm to it and return the processed payload.
Putting the common parts listed here together gives the following template:
#!/usr/bin/env python

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW  # here you can define your own priority

def dependencies():
    pass

def tamper(payload, **kwargs):
    # apply your processing to payload here
    return payload  # the payload string after processing
After writing the script, put it into sqlmap's tamper directory and sqlmap can use it.
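The Notes in charencode.py say the encoding only gets past filters that do not URL-decode a request before applying their rules. The following added example (not from the original post or from sqlmap) shows the defender-side counterpart: canonicalise a parameter before matching, using the two docstring outputs above as input. SQLI_RULE and all function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed sample rule for illustration; a real filter would use its own rule set.
SQLI_RULE = re.compile(r"(?i)\b(select\b.+\bfrom|sleep\s*\()")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def url_decode_fully(value, max_rounds=5):
    """Percent-decode repeatedly until the value stops changing (bounded)."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def try_base64(value):
    """Return the decoded text if value is well-formed base64 of printable ASCII."""
    if len(value) < 8 or len(value) % 4 or not B64_RE.fullmatch(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("ascii", errors="ignore")
    return text if len(text) == len(raw) and text.isprintable() else None


def candidate_forms(value):
    """All views of a parameter that the rule should be matched against."""
    forms = [value]
    decoded = url_decode_fully(value)
    if decoded != value:
        forms.append(decoded)
    b64 = try_base64(decoded)
    if b64 is not None:
        forms.append(b64)
    return forms


def is_suspicious(value):
    """Match the rule against the raw value and every canonicalised form."""
    return any(SQLI_RULE.search(form) for form in candidate_forms(value))
```

Matching SQLI_RULE against the raw parameter alone misses both encoded samples; matching against every form returned by candidate_forms catches them.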