Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Python - SQLMAP - Tamper Script for Custom Caesar Cypher
#!/usr/bin/env python
from lib.core.data import kb
from lib.core.enums import PRIORITY
import string
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload, **kwargs):
orig = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
srvr = "QqnPvka03wMU6ZybjmK4BRSEWdVishgClpI1AouFNOJ9zrtL2Yef7Tc8GxDHX5"
return payload.translate(string.maketrans(orig,srvr))
@amir992710
Copy link

amir992710 commented Nov 10, 2019

import PRIORITY

ImportError: No module named PRIORITY

__priority__ = PRIORITY.NORMAL

NameError: name 'PRIORITY' is not defined

it has actually a lot of errors.

@amir992710
Copy link

amir992710 commented Nov 10, 2019

but good point of view ;)

@MarkBaggett
Copy link
Author

MarkBaggett commented Nov 25, 2019

@mrgfy
Copy link

mrgfy commented May 31, 2020

got it working without errors.

#!/usr/bin/env python

from lib.core.data import kb
from lib.core.enums import PRIORITY
import string

__priority__ = PRIORITY.NORMAL

def dependencies():
    pass

def tamper(payload, **kwargs):
    orig = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
    srvr = "QqnPvka03wMU6ZybjmK4BRSEWdVishgClpI1AouFNOJ9zrtL2Yef7Tc8GxDHX5"
    return payload.translate(payload.maketrans(orig,srvr))

@mrgfy
Copy link

mrgfy commented May 31, 2020

remove:

  • (string.maketrans(orig,srvr))

replace with:

  • (payload.maketrans(orig,srvr))

@MarkBaggett
Copy link
Author

MarkBaggett commented May 31, 2020

Thanks.
The original code was written when sqlmap was running in python 2.5 or 2.6. They changed the way the translate method works in python 2.7 and 3.

payload.maketrans should now be str.maketrans although using payload will work.

I’ll update the code.

@CostyCrypto
Copy link

CostyCrypto commented Jul 22, 2022

Hello, is there a way to bypass Laravel php protection using SQLMAP? which --tamper can bypass the Laravel Protection

@MarkBaggett
Copy link
Author

MarkBaggett commented Jul 22, 2022

It is possible to modify URLs on the fly to accomplish just about anything if you write your own Python tamper script. I have never looked at Laravel but when I googled it I see it does support some encryption. If parts of the url were encrypted that would mean your tamper script would also have to have the keys.

@CostyCrypto
Copy link

CostyCrypto commented Aug 14, 2022

Thanks for you reply but i don't have any knowledge in programing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment