commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)

tamper/randomblanks.py

@@ -2,12 +2,32 @@ import re
 import string
 
 from lib.core.common import randomRange
-from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.convert import urldecode
+from lib.core.convert import urlencode
+from lib.core.data import kb
 
 """
 value -> value with inserted random blanks (e.g., INSERT->IN/**/S/**/ERT)
 """
-#TODO: all
-#TODO: only do it for deepness = 0 regarding '"
 def tamper(place, value):
-    return value
+    retVal = value
+    if value:
+        if place != "URI":
+            retVal = urldecode(retVal)
+
+        for match in re.finditer(r"[A-Za-z_]+", retVal):
+            word = match.group()
+
+            if len(word) < 2:
+                continue
+
+            if word.upper() in kb.keywords:
+                newWord = word[0]
+                for i in xrange(1, len(word) - 1):
+                    newWord += "%s%s" % ("/**/" if randomRange(0,1) else "", word[i])
+                newWord += word[-1]
+                retVal = retVal.replace(word, newWord)
+
+        if place != "URI":
+            retVal = urlencode(retVal)
+    return retVal

tamper/randomcase.py

@@ -2,19 +2,28 @@ import re
 import string
 
 from lib.core.common import randomRange
-from lib.core.exception import sqlmapUnsupportedFeatureException
+from lib.core.convert import urldecode
+from lib.core.convert import urlencode
+from lib.core.data import kb
 
 """
 value -> chars from value with random case (e.g., INSERT->InsERt)
 """
-#TODO: only do it for deepness = 0 regarding '"
 def tamper(place, value):
     retVal = value
     if value:
-        retVal = ""
-        for i in xrange(len(value)):
-            if value[i].isalpha():
-                retVal += value[i].upper() if randomRange(0,1) else value[i].lower()
-            else:
-                retVal += value[i]
+        if place != "URI":
+            retVal = urldecode(retVal)
+
+        for match in re.finditer(r"[A-Za-z_]+", retVal):
+            word = match.group()
+            if word.upper() in kb.keywords:
+                newWord = str()
+                for i in xrange(len(word)):
+                    newWord += word[i].upper() if randomRange(0,1) else word[i].lower()
+                retVal = retVal.replace(word, newWord)
+
+        if place != "URI":
+            retVal = urlencode(retVal)
+
     return retVal

tamper/space2comment.py

@@ -6,12 +6,28 @@ from lib.core.convert import urlencode
 """
 ' ' -> /**/ (e.g., SELECT id FROM users->SELECT/**/id/**/FROM users)
 """
-#TODO: only do it for deepness = 0 regarding '"
 def tamper(place, value):
+    retVal = value
     if value:
         if place != "URI":
             value = urldecode(value)
-        value = value.replace(" ", "/**/")
+
+        retVal = ""
+        qoute, doublequote, firstspace = False, False, False
+
+        for i in xrange(len(value)):
+            if not firstspace:
+                firstspace = value[i].isspace()
+            elif value[i] == '\'':
+                qoute = not qoute
+            elif value[i] == '"':
+                doublequote = not doublequote
+            elif value[i]==" " and not doublequote and not qoute:
+                retVal += "/**/"
+                continue
+            retVal += value[i]
+
         if place != "URI":
-            value = urlencode(value)
-    return value
+            retVal = urlencode(retVal)
+    return retVal
+