Skip to content

Instantly share code, notes, and snippets.

@MarkBaggett
Last active July 16, 2023 14:57
  • Star 12 You must be signed in to star a gist
  • Fork 5 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save MarkBaggett/49aca627205aebaa2be1811511dbc422 to your computer and use it in GitHub Desktop.
Python - SQLMAP - Tamper Script for Custom Caesar Cypher
#!/usr/bin/env python
from lib.core.data import kb
from lib.core.enums import PRIORITY
import string
__priority__ = PRIORITY.NORMAL
def dependencies():
pass
def tamper(payload, **kwargs):
orig = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
srvr = "QqnPvka03wMU6ZybjmK4BRSEWdVishgClpI1AouFNOJ9zrtL2Yef7Tc8GxDHX5"
return payload.translate(string.maketrans(orig,srvr))
@skalvin
Copy link

skalvin commented Jul 22, 2022

Hello, is there a way to bypass Laravel php protection using SQLMAP? which --tamper can bypass the Laravel Protection

@MarkBaggett
Copy link
Author

It is possible to modify URLs on the fly to accomplish just about anything if you write your own Python tamper script. I have never looked at Laravel but when I googled it I see it does support some encryption. If parts of the url were encrypted that would mean your tamper script would also have to have the keys.

@skalvin
Copy link

skalvin commented Aug 14, 2022

Thanks for you reply but i don't have any knowledge in programing

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment