sqlmap

Decode/reencode parameters in base64/hex

Open bdamele opened this issue 12 years ago • 8 comments

bdamele avatar Jun 26 '12 15:06 bdamele

You could write your own tamper script that does this.

mwulftange avatar Jul 03 '12 19:07 mwulftange

Not really related. Tamper scripts are doing the encoding of output payloads while we need to automatically detect, decode, inject and re-encode parameters (e.g. Cookies) that contain Base64/Hex encoded strings.

stamparm avatar Jul 03 '12 19:07 stamparm
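
The round trip described in the comment above (detect the encoding, decode, change the plaintext, re-encode the same way), as an added example that is not sqlmap's code and not written by anyone in this thread. The function names, the 8-character minimum and the printable-ASCII plausibility check are assumptions made here, and the sample values are constructed.

```python
import base64
import binascii
import re
import string

PRINTABLE = set(string.printable.encode())
MIN_LEN = 8  # assumption: shorter values are too ambiguous to classify

def _plausible(raw):
    """Accept a decode only if it is non-empty printable ASCII."""
    return bool(raw) and all(b in PRINTABLE for b in raw)

def detect_encoding(value):
    """Return ("hex" | "base64", decoded bytes), or (None, None)."""
    if len(value) < MIN_LEN:
        return None, None
    # Hex first: every hex digit is also a Base64 character, so the
    # narrower alphabet must be tested before the wider one.
    if len(value) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", value):
        raw = bytes.fromhex(value)
        if _plausible(raw):
            return "hex", raw
    if len(value) % 4 == 0 and re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", value):
        try:
            raw = base64.b64decode(value, validate=True)
        except binascii.Error:
            return None, None
        if _plausible(raw):
            return "base64", raw
    return None, None

def rewrite_param(value, transform):
    """Decode value, apply transform to the plaintext, re-encode it the same way."""
    kind, raw = detect_encoding(value)
    if kind is None:
        return None, transform(value)  # not encoded: transform as-is
    changed = transform(raw.decode("ascii")).encode("utf-8")
    if kind == "hex":
        out = changed.hex()
        # Keep the original letter case so the value keeps its format.
        return kind, out.upper() if re.search(r"[A-F]", value) else out
    return kind, base64.b64encode(changed).decode("ascii")

if __name__ == "__main__":
    # Constructed sample cookie values, not taken from the thread.
    mark = lambda s: s + "*"
    for cookie in ("dXNlcl9pZD0xMDE=", "69643d3130312678", "deadbeef", "plain-value"):
        print(cookie, "->", rewrite_param(cookie, mark))
```

Values such as `deadbeef` match both alphabets but decode to non-printable bytes, so they are left unclassified rather than guessed at.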

I've sent a detailed mail to stamparm. Maybe it can help to realize a feature for HTTP authentication injection ;)

CmdFreak avatar Feb 27 '13 00:02 CmdFreak

A more general mechanism is required:

  1. encoding of request body
  2. encoding of request payload
  3. decoding of response body

stamparm avatar Aug 30 '13 08:08 stamparm

A simpler solution could be to only look for an asterisk.

brandonprry avatar Oct 16 '15 04:10 brandonprry

Idea from a user:

hxxp://link.tosite/function.php?aaa={base64encode}value1=xxx&id=101010&i=1{/base64encode} -p value

hxxp://link.tosite/function.php?aaa={md5encode}value1=xxx&id=101010&i=1{/md5encode} -p value

stamparm avatar Feb 10 '17 10:02 stamparm