-
-
Save MarkBaggett/49aca627205aebaa2be1811511dbc422 to your computer and use it in GitHub Desktop.
| #!/usr/bin/env python | |
| from lib.core.data import kb | |
| from lib.core.enums import PRIORITY | |
| import string | |
| __priority__ = PRIORITY.NORMAL | |
| def dependencies(): | |
| pass | |
| def tamper(payload, **kwargs): | |
| orig = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" | |
| srvr = "QqnPvka03wMU6ZybjmK4BRSEWdVishgClpI1AouFNOJ9zrtL2Yef7Tc8GxDHX5" | |
| return payload.translate(string.maketrans(orig,srvr)) |
got it working without errors.
#!/usr/bin/env python
from lib.core.data import kb
from lib.core.enums import PRIORITY
import string
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload, **kwargs):
orig = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
srvr = "QqnPvka03wMU6ZybjmK4BRSEWdVishgClpI1AouFNOJ9zrtL2Yef7Tc8GxDHX5"
return payload.translate(payload.maketrans(orig,srvr))
remove:
- (string.maketrans(orig,srvr))
replace with:
- (payload.maketrans(orig,srvr))
Thanks.
The original code was written when sqlmap was running in python 2.5 or 2.6. They changed the way the translate method works in python 2.7 and 3.
payload.maketrans should now be str.maketrans although using payload will work.
I’ll update the code.
Hello, is there a way to bypass Laravel php protection using SQLMAP? which --tamper can bypass the Laravel Protection
It is possible to modify URLs on the fly to accomplish just about anything if you write your own Python tamper script. I have never looked at Laravel but when I googled it I see it does support some encryption. If parts of the url were encrypted that would mean your tamper script would also have to have the keys.
Thanks for you reply but i don't have any knowledge in programing
its a sqlmap module.
https://pen-testing.sans.org/blog/2017/10/13/sqlmap-tamper-scripts-for-the-win