
Whether tamper can add a parameter to get prefix and suffix

Open HangZhouCat opened this issue 3 years ago • 4 comments

I have read some documents of Tamper and the official example tamper, but I haven't found a place where I can get the suffix and prefix, and the tamper I wrote needs to use suffix and prefix. I wonder whether this function has been implemented. If so, please tell me. If not, could you consider adding this feature?

HangZhouCat, Feb 06 '22 19:02

Oh, I almost forgot, I also found a problem, and I don't know if it is a bug: when using DNS tunnel mode, namely --dns-domain, I found that sqlmap will discard the suffix. Please check it and tell me the answer. Thank you for your trouble~

HangZhouCat, Feb 06 '22 19:02

Sorry to inform you, but there is no way to do it (in an easy way). Adding the prefix/suffix is done long before it could be made available to the tamper mechanism.

For example, in https://github.com/sqlmapproject/sqlmap/blob/master/lib/techniques/blind/inference.py#L606-L608 those are set in the case of boolean-based blind SQLi, while tampering is called inside the Request.queryPage call on the line after.

stamparm, Feb 07 '22 16:02

> Sorry to inform you, but there is no way to do it (in an easy way). Adding the prefix/suffix is done long before it could be made available to the tamper mechanism.
>
> For example, in https://github.com/sqlmapproject/sqlmap/blob/master/lib/techniques/blind/inference.py#L606-L608 those are set in the case of boolean-based blind SQLi, while tampering is called inside the Request.queryPage call on the line after.

You don't have to be sorry. I like the tool you wrote and it helped me a lot, but my English is not very good, so I hope you can understand what I wrote. The function of getting --suffix and --prefix entered by the user on the command line in tamper, by reading your code, I can already achieve it. I hope I can take a look at the suspected bug I mentioned above. I also used -v 4 to check the final payload sent. Indeed, in DNS tunnel mode, the suffix will be discarded. Happy New Year to you.

HangZhouCat, Feb 16 '22 17:02

@HangZhouCat did you manage to add this to a branch? I think that I am also after a similar feature. I would describe it as dynamic parameters which are based upon the payload and/or other components of the final URL. In my context I am doing it manually right now to bypass URL tampering hashes - however, I think it would be a nice feature for sqlmap.

cmberryau, Apr 30 '22 06:04