Skip to content

SQLMap tamper api to accept tamper scripts from all languages

Notifications You must be signed in to change notification settings

KINGSABRI/sqlmap-tamper-api

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

35 Commits
 
 
 
 
 
 

Repository files navigation

SQLmap Tamper-API

It's an API for SQLmap tamper scripts allows you to use your favorite programming language to write your tamper scripts.

This API solves SQLmap limitation of accepting only python to write tamper scripts.

How it works

taper-api.py script sends the payload and kwargs in a JSON format ( {"payload": "", "kwargs": {"headers": {}}} ) to the foreign tamper script's STDIN as an argument.

From there the foreign script parses the JSON and process it then sends it as a JSON format again to STDOUT where tamper-api.py reads and parses then sends it to SQLmap.

    ,-------(returns objects)---------,
    |                                 |
[ sqlmap ] --(sends objects)--> [tamper-api] --(sends json)--> [your-script]
                                      ^                             |
                                      |________(returns json)_______|  

Example

#!/usr/bin/env ruby
#
# Author:       KING SABRI | @KINGSABRI
# Description:  Base64 encoding all characters in a given payload
# Requirements: None
#
require 'json'
require 'base64'

@json    = JSON.parse(ARGV[0])
@payload = @json["payload"]
@kwargs  = @json["kwargs"]

@json["payload"] = Base64.urlsafe_encode64(@payload)

print @json.to_json

Don't Forget:

  • Copy tamper-api.py script into sqlmap/tamper directory.
  • Check tamper-scripts/[YOUR_LANGUAGE] for practical examples.

Usage

sqlmap -v3 -u http://example.com/pages.php?page=1 --tamper tamper-api base64encode.rb

Contribution

  1. Fork
  2. Clone : https://github.com/[USERNAME]/sqlmap-multi-language-tamper.git
  3. Create a new branch: git checkout -b YourBranch
  4. Commit changes: git add * && git commit 'description'
  5. Create Pull Request(PR)

Or, open an issue for new requests and bugs reporting!

About

SQLMap tamper api to accept tamper scripts from all languages

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published