Re: [sqlmap-users] New feature
From: Miroslav S. <mir...@gm...> - 2010-10-13 14:31:30
On Wed, Oct 13, 2010 at 3:55 PM, Carlos Gabriel Vergara <car...@gm...> wrote:
> Good work!
>
> Will try it as soon as i have a minute.
>
> Some examples of tamper functions:
>
> a) Replace chars with %, with double encoding... i mean: %20 to %2520

added ./tamper/doubleencode.py

> b) Replace spaces with /**/ for mssql (i think there's already an
> option for this in later versions)

added ./tamper/space2comment.py

> c) Related to a), replace all injection with encoding using %

didn't understand this one. could you please explain it more. thx.

>
> If I remember something else, will post it.
>
> Best regards,
> G
>
> 2010/10/13 Miroslav Stampar <mir...@gm...>:
>> ...and yes, they can be stacked together:
>>
>> sample:
>> --tamper="./tamper/ifnull2ifisnull.py;./tamper/dummy.py"
>>
>> bye
>>
>> On Wed, Oct 13, 2010 at 3:15 PM, Miroslav Stampar
>> <mir...@gm...> wrote:
>>> hello all.
>>>
>>> switch '--tamper' is now fully implemented in the latest SVN revision.
>>> tampering modules must include a function with a declaration like
>>> 'def tamper(place, value):'. argument 'place' states which injection place
>>> ('POST', 'GET', 'URI' or 'User-Agent') the query is being used for, while
>>> value represents the old query value (prior to return value of that
>>> tampering function).
>>>
>>> tampering function for IFNULL(A,B) -> IF(ISNULL(A),B,A) is implemented
>>> so far (./sqlmap/tamper/ifnull2ifisnull.py) but you can make your own
>>> tampering modules/functions too.
>>>
>>> sample usage is:
>>>
>>> ./sqlmap.py -u "http://www.site.com/index.php?id=1"
>>> --tamper="./tamper/ifnull2ifisnull.py"
>>>
>>> if you have any other suggestions for other useful tampering functions
>>> please say and i'll try to implement it/them if it makes sense.
>>>
>>> kind regards.
>>>
>>> On Wed, Oct 13, 2010 at 9:43 AM, Miroslav Stampar
>>> <mir...@gm...> wrote:
>>>> hi.
>>>>
>>>> now, there is an option "--tamper=<file>" which does this.
>>>>
>>>> you can play around with it using for example:
>>>> ./sqlmap.py -u "www.test.com" --tamper="./tamper/dummy.py"
>>>>
>>>> for "practical" examples please wait for working version of
>>>> ./tamper/ifnull2ifisnull.py. i need to solve the problem of counting
>>>> parentheses in regular expression i use for recognizing parts of
>>>> ifnull.
>>>>
>>>> kind regards.
>>>>
>>>> On Tue, Oct 12, 2010 at 8:02 PM, Carlos Gabriel Vergara
>>>> <car...@gm...> wrote:
>>>>> Hi! I was using sqlmap for a year or two, and in a lot of scenarios i
>>>>> found the need to "touch" the urls that the tool crafts to send to the
>>>>> server.
>>>>> Most of the time this happens because all scenarios are some sort of
>>>>> unique, even if they share the same DBMS.
>>>>> In these cases i spend a lot of time programming pseudo proxies (quick
>>>>> and dirty coding in python) to solve the obstacle.
>>>>> I have some free time now, and want to make a module for sqlmap that
>>>>> "tampers" the data to be sent, lets me introduce some logic to modify
>>>>> it, and then sends it to the server.
>>>>> For example: i need to replace blanks with /**/ for a mssql server. I
>>>>> will be using sqlmap like this:
>>>>>
>>>>> sqlmap -u "http://host/script.py?id=15" -p id
>>>>> --tamper-script="/home/kaleb/script.py"
>>>>>
>>>>> In script.py, some sort of code that picks the GET/POST about to be
>>>>> sent to the server, searches for the blanks in the query, replaces them
>>>>> with /**/, and then gives it back to sqlmap to be sent.
>>>>>
>>>>> Another example (mentioned in a previous thread): i need to replace
>>>>> IFNULL(A,B) sentence with IF(ISNULL(A), B, A). It needed a lot of
>>>>> string manipulation, made in a mini proxy, losing performance in the
>>>>> middle.
>>>>>
>>>>> The question: which part of sqlmap code do i need to start reviewing?
>>>>> Though i used it a lot, i never looked into the code. I need a little
>>>>> tip, just to start with something in mind.
>>>>>
>>>>> Thanks a lot.
>>>>>
>>>>> PD: excuse my rusty english, by the way =)
>>>>>
>>>>> --
>>>>> --------8<--------
>>>>> Carlos Gabriel Vergara
>>>>> http://www.ThorSecurity.com.ar
>>>>>
>>>>> PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp
>>>>> -------->8--------
>>>>>
>>>>> _______________________________________________
>>>>> sqlmap-users mailing list
>>>>> sql...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
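
Seen from the defending side, two of the transformations named in this thread (double percent-encoding, `/**/` in place of spaces) are the reason a filter has to canonicalize a parameter value before matching a rule against it. The following is an added example, not code from sqlmap or from the posters; the toy rule, the layer cap, the function names and the sample values are all constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_ROUNDS = 5                              # assumed cap on nested encoding layers
COMMENT = re.compile(r"/\*.*?\*/", re.S)    # SQL block comment, e.g. /**/
# Toy signature (assumption): a boolean test such as "AND 1=1" appended to a value.
RULE = re.compile(r"\b(?:AND|OR)\s+\d+\s*=\s*\d+", re.I)


def percent_decode_all(value):
    """Decode until stable; return (decoded value, number of layers removed)."""
    layers = 0
    while layers < MAX_ROUNDS:
        decoded = unquote(value)
        if decoded == value:
            break
        value, layers = decoded, layers + 1
    return value, layers


def normalize(raw):
    """Canonical form of a parameter value plus the evasion hints seen on the way."""
    value, layers = percent_decode_all(raw)
    hints = []
    if layers > 1:
        hints.append("multi-layer percent-encoding")
    value, n_comments = COMMENT.subn(" ", value)
    if n_comments:
        hints.append("comment used as whitespace")
    # Collapse runs of whitespace so the rule sees one canonical spelling.
    return " ".join(value.split()), hints


def check_value(raw):
    """Apply the rule to the raw value and to its normalized form."""
    canonical, hints = normalize(raw)
    return {"raw_hit": bool(RULE.search(raw)),
            "normalized_hit": bool(RULE.search(canonical)),
            "canonical": canonical, "hints": hints}


# Constructed sample values for an 'id' parameter.
SAMPLES = ["15", "15 AND 1=1", "15%2520AND%25201=1", "15/**/AND/**/1=1"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", check_value(sample))
```

The last two samples miss the rule in raw form and match it after normalization; the hints are worth logging on their own, since ordinary clients rarely double-encode a numeric parameter.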