Skip to content

Commit 3253882

Browse files
stamparmstamparm
committed
minor cosmetics on tamper scripts
1 parent 33d9878 commit 3253882

9 files changed

Lines changed: 75 additions & 76 deletions

tamper/between.py

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -11,39 +11,39 @@
1111

1212
__priority__ = PRIORITY.HIGHEST
1313

14-
def tamper(value):
14+
def tamper(payload):
1515
"""
1616
Replaces '>' with 'NOT BETWEEN 0 AND #'
1717
Example: 'A > B' becomes 'A NOT BETWEEN 0 AND B'
1818
"""
1919

20-
retVal = value
20+
retVal = payload
2121

22-
if value:
22+
if payload:
2323
retVal = ""
2424
quote, doublequote, firstspace = False, False, False
2525

26-
for i in xrange(len(value)):
26+
for i in xrange(len(payload)):
2727
if not firstspace:
28-
if value[i].isspace():
28+
if payload[i].isspace():
2929
firstspace = True
3030
retVal += " "
3131
continue
3232

33-
elif value[i] == '\'':
33+
elif payload[i] == '\'':
3434
quote = not quote
3535

36-
elif value[i] == '"':
36+
elif payload[i] == '"':
3737
doublequote = not doublequote
3838

39-
elif value[i] == ">" and not doublequote and not quote:
40-
retVal += " " if i > 0 and not value[i-1].isspace() else ""
39+
elif payload[i] == ">" and not doublequote and not quote:
40+
retVal += " " if i > 0 and not payload[i-1].isspace() else ""
4141
retVal += "NOT BETWEEN 0 AND"
42-
retVal += " " if i < len(value) - 1 and not value[i+1].isspace() else ""
42+
retVal += " " if i < len(payload) - 1 and not payload[i+1].isspace() else ""
4343

4444
continue
4545

46-
retVal += value[i]
46+
retVal += payload[i]
4747

4848
return retVal
4949

tamper/charencode.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -14,24 +14,24 @@
1414

1515
__priority__ = PRIORITY.LOWEST
1616

17-
def tamper(value):
17+
def tamper(payload):
1818
"""
19-
Urlencodes all characters in a given value (not processing already encoded)
19+
Urlencodes all characters in a given payload (not processing already encoded)
2020
Example: 'SELECT FIELD FROM%20TABLE' becomes '%53%45%4c%45%43%54%20%46%49%45%4c%44%20%46%52%4f%4d%20%54%41%42%4c%45'
2121
"""
2222

23-
retVal = value
23+
retVal = payload
2424

25-
if value:
25+
if payload:
2626
retVal = ""
2727
i = 0
2828

29-
while i < len(value):
30-
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
31-
retVal += value[i:i+3]
29+
while i < len(payload):
30+
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
31+
retVal += payload[i:i+3]
3232
i += 3
3333
else:
34-
retVal += '%%%X' % ord(value[i])
34+
retVal += '%%%X' % ord(payload[i])
3535
i += 1
3636

3737
return retVal

tamper/charunicodeencode.py

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -14,24 +14,24 @@
1414

1515
__priority__ = PRIORITY.LOWEST
1616

17-
def tamper(value):
17+
def tamper(payload):
1818
"""
19-
Replaces value with unicode-urlencode of non-encoded chars in value (not processing already encoded)
19+
Replaces payload with unicode-urlencode of non-encoded chars in payload (not processing already encoded)
2020
Example: 'SELECT FIELD%20FROM TABLE' becomes '%u0053%u0045%u004c%u0045%u0043%u0054%u0020%u0046%u0049%u0045%u004c%u0044%u0020%u0046%u0052%u004f%u004d%u0020%u0054%u0041%u0042%u004c%u0045'
2121
"""
2222

23-
retVal = value
23+
retVal = payload
2424

25-
if value:
25+
if payload:
2626
retVal = ""
2727
i = 0
2828

29-
while i < len(value):
30-
if value[i] == '%' and (i < len(value) - 2) and value[i+1] in string.hexdigits and value[i+2] in string.hexdigits:
31-
retVal += "%%u00%s" % value[i+1:i+3]
29+
while i < len(payload):
30+
if payload[i] == '%' and (i < len(payload) - 2) and payload[i+1] in string.hexdigits and payload[i+2] in string.hexdigits:
31+
retVal += "%%u00%s" % payload[i+1:i+3]
3232
i += 3
3333
else:
34-
retVal += '%%u00%X' % ord(value[i])
34+
retVal += '%%u00%X' % ord(payload[i])
3535
i += 1
3636

3737
return retVal

tamper/ifnull2ifisnull.py

Lines changed: 13 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -11,39 +11,39 @@
1111

1212
__priority__ = PRIORITY.HIGHEST
1313

14-
def tamper(value):
14+
def tamper(payload):
1515
"""
1616
Replaces 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
1717
Example: 'IFNULL(1, 2)' becomes 'IF(ISNULL(1), 2, 1)'
1818
"""
1919

20-
if value and value.find("IFNULL") > -1:
20+
if payload and payload.find("IFNULL") > -1:
2121

22-
while value.find("IFNULL(") > -1:
23-
index = value.find("IFNULL(")
22+
while payload.find("IFNULL(") > -1:
23+
index = payload.find("IFNULL(")
2424
deepness = 1
2525
comma, end = None, None
2626

27-
for i in xrange(index + len("IFNULL("), len(value)):
28-
if deepness == 1 and value[i] == ',':
27+
for i in xrange(index + len("IFNULL("), len(payload)):
28+
if deepness == 1 and payload[i] == ',':
2929
comma = i
3030

31-
elif deepness == 1 and value[i] == ')':
31+
elif deepness == 1 and payload[i] == ')':
3232
end = i
3333
break
3434

35-
elif value[i] == '(':
35+
elif payload[i] == '(':
3636
deepness += 1
3737

38-
elif value[i] == ')':
38+
elif payload[i] == ')':
3939
deepness -= 1
4040

4141
if comma and end:
42-
A = value[index + len("IFNULL("):comma]
43-
B = value[comma + 1:end]
42+
A = payload[index + len("IFNULL("):comma]
43+
B = payload[comma + 1:end]
4444
newVal = "IF(ISNULL(%s),%s,%s)" % (A, B, A)
45-
value = value[:index] + newVal + value[end+1:]
45+
payload = payload[:index] + newVal + payload[end+1:]
4646
else:
4747
break
4848

49-
return value
49+
return payload

tamper/randomcase.py

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,15 +15,15 @@
1515

1616
__priority__ = PRIORITY.NORMAL
1717

18-
def tamper(value):
18+
def tamper(payload):
1919
"""
2020
Replaces each character with random case value
2121
Example: 'INSERT' might become 'InsERt'
2222
"""
2323

24-
retVal = value
24+
retVal = payload
2525

26-
if value:
26+
if payload:
2727
for match in re.finditer(r"[A-Za-z_]+", retVal):
2828
word = match.group()
2929

tamper/randomcomments.py

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -15,16 +15,16 @@
1515

1616
__priority__ = PRIORITY.LOW
1717

18-
def tamper(value):
18+
def tamper(payload):
1919
"""
20-
Add random comments to SQL keywords in value
20+
Add random comments to SQL keywords
2121
Example: 'INSERT' becomes 'IN/**/S/**/ERT'
2222
"""
2323

24-
retVal = value
24+
retVal = payload
2525

26-
if value:
27-
for match in re.finditer(r"[A-Za-z_]+", retVal):
26+
if payload:
27+
for match in re.finditer(r"[A-Za-z_]+", payload):
2828
word = match.group()
2929

3030
if len(word) < 2:

tamper/space2comment.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -11,36 +11,36 @@
1111

1212
__priority__ = PRIORITY.LOW
1313

14-
def tamper(value):
14+
def tamper(payload):
1515
"""
1616
Replaces ' ' with '/**/'
1717
Example: 'SELECT id FROM users' becomes 'SELECT/**/id/**/FROM/**/users'
1818
"""
1919

20-
retVal = value
20+
retVal = payload
2121

22-
if value:
22+
if payload:
2323
retVal = ""
2424
quote, doublequote, firstspace = False, False, False
2525

26-
for i in xrange(len(value)):
26+
for i in xrange(len(payload)):
2727
if not firstspace:
28-
if value[i].isspace():
28+
if payload[i].isspace():
2929
firstspace = True
3030
retVal += "/**/"
3131
continue
3232

33-
elif value[i] == '\'':
33+
elif payload[i] == '\'':
3434
quote = not quote
3535

36-
elif value[i] == '"':
36+
elif payload[i] == '"':
3737
doublequote = not doublequote
3838

39-
elif value[i]==" " and not doublequote and not quote:
39+
elif payload[i]==" " and not doublequote and not quote:
4040
retVal += "/**/"
4141
continue
4242

43-
retVal += value[i]
43+
retVal += payload[i]
4444

4545
return retVal
4646

tamper/space2plus.py

Lines changed: 9 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -11,36 +11,35 @@
1111

1212
__priority__ = PRIORITY.LOW
1313

14-
def tamper(value):
14+
def tamper(payload):
1515
"""
1616
Replaces ' ' with '+'
1717
Example: 'SELECT id FROM users' becomes 'SELECT+id+FROM+users'
1818
"""
1919

20-
retVal = value
20+
retVal = payload
2121

22-
if value:
22+
if payload:
2323
retVal = ""
2424
quote, doublequote, firstspace = False, False, False
2525

26-
for i in xrange(len(value)):
26+
for i in xrange(len(payload)):
2727
if not firstspace:
28-
if value[i].isspace():
28+
if payload[i].isspace():
2929
firstspace = True
3030
retVal += "+"
3131
continue
3232

33-
elif value[i] == '\'':
33+
elif payload[i] == '\'':
3434
quote = not quote
3535

36-
elif value[i] == '"':
36+
elif payload[i] == '"':
3737
doublequote = not doublequote
3838

39-
elif value[i]==" " and not doublequote and not quote:
39+
elif payload[i]==" " and not doublequote and not quote:
4040
retVal += "+"
4141
continue
4242

43-
retVal += value[i]
43+
retVal += payload[i]
4444

4545
return retVal
46-

tamper/space2randomblank.py

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -13,37 +13,37 @@
1313

1414
__priority__ = PRIORITY.LOW
1515

16-
def tamper(value):
16+
def tamper(payload):
1717
"""
1818
Replaces ' ' with a random blank char from a set ('\r', '\n', '\t')
1919
Example: 'SELECT id FROM users' becomes 'SELECT\rid\tFROM\nusers'
2020
"""
2121

2222
blanks = ['\r', '\n', '\t']
23-
retVal = value
23+
retVal = payload
2424

25-
if value:
25+
if payload:
2626
retVal = ""
2727
quote, doublequote, firstspace = False, False, False
2828

29-
for i in xrange(len(value)):
29+
for i in xrange(len(payload)):
3030
if not firstspace:
31-
if value[i].isspace():
31+
if payload[i].isspace():
3232
firstspace = True
3333
retVal += random.choice(blanks)
3434
continue
3535

36-
elif value[i] == '\'':
36+
elif payload[i] == '\'':
3737
quote = not quote
3838

39-
elif value[i] == '"':
39+
elif payload[i] == '"':
4040
doublequote = not doublequote
4141

42-
elif value[i]==" " and not doublequote and not quote:
42+
elif payload[i]==" " and not doublequote and not quote:
4343
retVal += random.choice(blanks)
4444
continue
4545

46-
retVal += value[i]
46+
retVal += payload[i]
4747

4848
return retVal
4949

0 commit comments

Comments
 (0)