Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.

2025-12-06 20:51:31 +00:00 · 2011-07-06 21:04:45 +00:00
parent 0d28c1e9e7
commit 23b4efdcaf
18 changed files with 399 additions and 45 deletions
--- a/tamper/multiplespaces.py
+++ b/tamper/multiplespaces.py
@@ -10,16 +10,26 @@ See the file 'doc/COPYING' for copying permission
 import random
 import re

-from lib.core.common import randomRange
 from lib.core.data import kb
 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.NORMAL

+def dependencies():
+    pass
+
 def tamper(payload):
    """
-    Adding multiple spaces around SQL keywords
-    Example: 'UNION SELECT' migth become '  UNION   SELECT  '
+    Adds multiple spaces around SQL keywords
+
+    Example:
+        * Input: UNION SELECT
+        * Output:  UNION   SELECT  
+
+    Notes:
+        * Useful to bypass very weak and bespoke web application firewalls
+          that has poorly written permissive regular expressions
+
    Reference: https://www.owasp.org/images/7/74/Advanced_SQL_Injection.ppt
    """