Lua-Nginx WAFs Bypass#3316

Merged
stamparm merged 6 commits into
sqlmapproject:masterfrom
xtormin:lua-nginx-waf-bypass
Oct 26, 2018
Conversation

@xtormin (Contributor) commented Oct 25, 2018

Lua-Nginx WAFs don't support processing for more than 100 parameters.
https://www.youtube.com/watch?v=JUvro7cqidY

@stamparm (Member)

We don't accept merge requests without the standard header that can be found in all sqlmap python files. As a matter of recognition we can add you to the doc/THANKS.md list.

@stamparm (Member)

After a second look:

A) I am a known BOFH and I don't like the quality of this code. There are many things that would require rewriting (I can do this, but you have to take a look at B).
B) When I said "We don't accept merge requests without standard header", that also means that no other self-promoting stuff can go inside (e.g. "Vulnerability discovered by: Daniel Fariña Hernández"). I can do a proper reference to a valid page (to whatever page you want where the vulnerability/bypass is being talked about). Also, I said that as a matter of recognition we can add you to the doc/THANKS.md list.

@xtormin (Contributor, Author) commented Oct 26, 2018

That's fine, I will change the tamper header and you can modify the code whatever it takes.

This is the page where the vulnerability is being talked about:
https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/

Thank you so much!

@stamparm (Member)

Done with the modifications on my side. First I'll merge your version completely into HEAD and then do the after-commit in a minute.

@stamparm stamparm merged commit 4466504 into sqlmapproject:master Oct 26, 2018
stamparm added a commit that referenced this pull request Oct 26, 2018
stamparm added a commit that referenced this pull request Oct 26, 2018
@stamparm (Member)

@j4ckmln please pull the latest revision and try to run it with --tamper=luanginx.py (Note: changed the name to be compliant with other tamper scripts). Also, if you want to change something in https://github.com/sqlmapproject/sqlmap/blob/master/doc/THANKS.md please let me know (grep for Jennifer Torres)

@xtormin (Contributor, Author) commented Oct 26, 2018

Thank you!
I was testing the modifications made and there's a small error that affects the performance of the tamper.

This is an example of the result of the modifications:
"GET /vulnerabilities/sqli/1s=&NY=&q4=&e2=&[...]Pf=&Dk=&Tk=&wG=&Vf=&http://cloudflarewafexampleurl.com:80/vulnerabilities/sqli/?id=9195&Submit=Submit HTTP/1.1"

This must be the result:
"GET /vulnerabilities/sqli/?1s=&NY=&q4=&e2=&[...]Pf=&Dk=&Tk=&wG=&Vf=&id=[INJECTION]&Submit=Submit HTTP/1.1"

Example:
"GET /vulnerabilities/sqli/?[100 random parameters here]&id=[INJECTION]&Submit=Submit HTTP/1.1"
Where 'id' is the vulnerable parameter and 'Submit' is an example of another necessary parameter that could be in the request.
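Seen from the defender's side, the padding described above is easy to spot in access logs: the request carries far more query parameters than any legitimate page uses, nearly all of them empty, and the named parameters sit past the 100-parameter inspection limit the thread mentions. The following is an added example, not code from sqlmap or from this PR; the request lines it analyses are constructed samples, and the 100-parameter limit is taken from the discussion above.

```python
from urllib.parse import parse_qsl, urlsplit

# Limit discussed in this PR: the Lua-Nginx WAF inspects at most 100
# parameters, so anything after that position is not examined.
WAF_PARAM_LIMIT = 100


def analyze_request_line(request_line):
    """Parse an HTTP/1.x request line and report parameter-padding indicators.

    Returns the query parameter count, whether it exceeds WAF_PARAM_LIMIT,
    the parameter names sitting past the limit (which would escape
    inspection) and the share of parameters with an empty value, which is
    characteristic of padding.
    """
    method, target, version = request_line.split(" ", 2)
    pairs = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    names = [name for name, _ in pairs]
    empty = sum(1 for _, value in pairs if value == "")
    return {
        "method": method,
        "version": version,
        "param_count": len(pairs),
        "over_limit": len(pairs) > WAF_PARAM_LIMIT,
        "uninspected_params": names[WAF_PARAM_LIMIT:],
        "empty_ratio": (empty / len(pairs)) if pairs else 0.0,
    }


def is_padding_attempt(report, min_empty_ratio=0.8):
    """Flag a request whose meaningful parameters are pushed past the limit."""
    return report["over_limit"] and report["empty_ratio"] >= min_empty_ratio


def make_sample_padded_request(n_padding, path="/vulnerabilities/sqli/"):
    """Constructed test data (not a real capture): n_padding empty parameters
    followed by the two parameters from the example in this thread."""
    padding = "&".join("p%03d=" % i for i in range(n_padding))
    return "GET %s?%s&id=1&Submit=Submit HTTP/1.1" % (path, padding)


# Constructed sample log lines: one ordinary request, one padded one.
SAMPLE_LINES = [
    "GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1",
    make_sample_padded_request(100),
]


def flagged_requests(lines=SAMPLE_LINES):
    """Return the request lines that look like parameter-padding attempts."""
    return [line for line in lines if is_padding_attempt(analyze_request_line(line))]
```

In a real deployment the same check would run over the request-line field of the access log rather than over SAMPLE_LINES, and the ratio threshold should be tuned against the site's legitimate traffic.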

@stamparm (Member)

How have you run it? I guess with * where you wanted sqlmap to inject, right?

When I am running with a regular python sqlmap.py -u "..../?id=1" --tamper luanginx.py I get good results

@stamparm (Member)

p.s. I'll fix the URI case (which I guess you've tried), but need to know if that was really the case at your place

stamparm added a commit that referenced this pull request Oct 26, 2018
@stamparm (Member) commented Oct 26, 2018

With the latest revision your usage case should work too (with custom injection marking inside the URI itself, e.g. <target.com>/?id1=1*&id2=2).

@xtormin (Contributor, Author) commented Oct 26, 2018

Yes, that was the problem.
Great! Now it works perfectly, thanks for everything! =D
