Skip to content

Instantly share code, notes, and snippets.

@nmcv

nmcv/dynamicparams.py

Created August 20, 2013 12:27
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save nmcv/6280725 to your computer and use it in GitHub Desktop.
Save nmcv/6280725 to your computer and use it in GitHub Desktop.
Download ZIP
Sample SQLMap tamper script to test dynamic parameters
Raw
dynamicparams.py
#!/usr/bin/env python
from lib.core.enums import PRIORITY
from time import time
from hashlib import sha1
__priority__ = PRIORITY.HIGHEST
def dependencies():
pass
def tamper(payload, **kwargs):
if payload:
ts = str(time())[0:10]
tsHash = sha1(ts).hexdigest()
uHash = tsHash[:20]
pHash = tsHash[20:]
username = 'username' + uHash
password = 'password' + pHash
payload = ("&%s=%s&%s=" % (username, payload, password))
# print "-" * 24
# print payload
# print "-" * 24
return payload
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment