Re: [sqlmap-users] New feature
From: Miroslav S. <mir...@gm...> - 2010-10-13 13:16:01
hello all.

switch '--tamper' is now fully implemented in the latest SVN revision. tampering modules must include a function with a declaration like 'def tamper(place, value):'. argument 'place' states which injection place ('POST', 'GET', 'URI' or 'User-Agent') the query is being used for, while value represents the old query value (prior to the return value of that tampering function). a tampering function for IFNULL(A,B) -> IF(ISNULL(A),B,A) is implemented so far (./sqlmap/tamper/ifnull2ifisnull.py) but you can make your own tampering modules/functions too.

sample usage is:
./sqlmap.py -u "http://www.site.com/index.php?id=1" --tamper="./tamper/ifnull2ifisnull.py"

if you have any other suggestions for other useful tampering functions please say and i'll try to implement it/them if it makes sense.

kind regards.

On Wed, Oct 13, 2010 at 9:43 AM, Miroslav Stampar <mir...@gm...> wrote:
> hi.
>
> now, there is an option "--tamper=<file>" which does this.
>
> you can play around with it using for example:
> ./sqlmap.py -u "www.test.com" --tamper="./tamper/dummy.py"
>
> for "practical" examples please wait for a working version of
> ./tamper/ifnull2ifisnull.py. i need to solve the problem of counting
> parentheses in the regular expression i use for recognizing parts of
> ifnull.
>
> kind regards.
>
> On Tue, Oct 12, 2010 at 8:02 PM, Carlos Gabriel Vergara
> <car...@gm...> wrote:
>> Hi! I was using sqlmap for a year or two, and in a lot of scenarios I
>> found the need to "touch" the urls that the tool crafts to send to the
>> server.
>> Most of the times this happens because all scenarios are some sort of
>> unique, even if they share the same DBMS.
>> In these cases I spend a lot of time programming pseudo proxies (quick
>> and dirty coding in python) to solve the obstacle.
>> I have some free time now, and want to make a module for sqlmap that
>> "tampers" the data to be sent, lets me introduce some logic to modify
>> it, and then sends it to the server.
>> For example: I need to replace blanks with /**/ for a mssql server. I
>> will be using sqlmap like this:
>>
>> sqlmap -u "http://host/script.py?id=15" -p id
>> --tamper-script="/home/kaleb/script.py"
>>
>> In script.py, some sort of code that picks the GET/POST about to be
>> sent to the server, searches for the blanks in the query, replaces them
>> with /**/, and then gives it back to sqlmap to be sent.
>>
>> Another example (mentioned in a previous thread): I need to replace
>> the IFNULL(A,B) sentence with IF(ISNULL(A), B, A). It needed a lot of
>> string manipulation, made in a mini proxy, losing performance in the
>> middle.
>>
>> The question: which part of the sqlmap code do I need to start reviewing?
>> Though I used it a lot, I never looked into the code. I need a little
>> tip, just to start with something in mind.
>>
>> Thanks a lot.
>>
>> PD: excuse my rusty english, by the way =)
>>
>> --
>> --------8<--------
>> Carlos Gabriel Vergara
>> http://www.ThorSecurity.com.ar
>>
>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>> -------->8--------
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
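The detection side of the two rewrites discussed in this thread, as an added example that is not part of the thread and not sqlmap code: a log normalizer that folds `/**/` back to a blank and `IF(ISNULL(A),B,A)` back to `IFNULL(A,B)` before a signature is applied, counting parentheses by hand where a regular expression cannot. The names `split_args`, `fold_if_isnull`, `canonicalize`, the `RULE` signature and the sample values are constructed for illustration; quoted string literals that contain parentheses or commas are assumed not to occur.

```python
import re
from urllib.parse import unquote_plus

def split_args(s, start):
    """Split the top-level arguments of the call whose '(' is at s[start].
    Returns (args, index after the matching ')') or None if unbalanced."""
    depth, args, cur = 0, [], []
    for i in range(start, len(s)):
        c = s[i]
        if c == "(":
            depth += 1
            if depth == 1:
                continue                      # skip the call's own '('
        elif c == ")":
            depth -= 1
            if depth == 0:
                args.append("".join(cur).strip())
                return args, i + 1
        elif c == "," and depth == 1:         # only top-level commas split
            args.append("".join(cur).strip())
            cur = []
            continue
        cur.append(c)
    return None

def fold_if_isnull(v):
    """Rewrite IF(ISNULL(A),B,A) back to IFNULL(A,B) wherever it occurs."""
    out, pos = [], 0
    for m in re.finditer(r"\bIF\s*\(", v):
        parsed = split_args(v, m.end() - 1) if m.start() >= pos else None
        if not parsed or len(parsed[0]) != 3:
            continue
        (test, b, a), end = parsed
        head = re.match(r"ISNULL\s*\(", test)
        inner = split_args(test, head.end() - 1) if head else None
        if inner and inner == ([a], len(test)):   # ISNULL wraps exactly A
            out.append(v[pos:m.start()] + "IFNULL(%s,%s)" % (a, b))
            pos = end
    return "".join(out) + v[pos:]

def canonicalize(value):
    """Normalize a logged parameter value before signature matching."""
    v = unquote_plus(value)
    v = re.sub(r"/\*.*?\*/", " ", v, flags=re.S)  # inline comment acts as a blank
    v = re.sub(r"\s+", " ", v).strip().upper()
    return fold_if_isnull(v)

# Constructed sample values and a hypothetical signature, for illustration only.
RULE = re.compile(r" AND IFNULL\(")
PLAIN = "15 AND IFNULL(name,0)=0"
REWRITTEN = "15/**/AND/**/IF(ISNULL(name),0,name)=0"
```

Applied to the raw values, `RULE` matches `PLAIN` but not `REWRITTEN`; applied to `canonicalize(...)` of each, it matches both.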