minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)

2025-12-06 12:41:30 +00:00 · 2011-04-04 08:04:47 +00:00
parent 305115a68b
commit e957c4400c
2 changed files with 4 additions and 27 deletions
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -449,8 +449,10 @@ class Connect:
        elif place:
            if place in (PLACE.GET, PLACE.POST):
                # payloads in GET and/or POST need to be urlencoded 
-                # throughly without safe chars (especially &, = and %)
-                payload = urlencode(payload, None, True, True)
+                # throughly without safe chars (especially & and =)
+                # addendum: as we support url encoding in tampering
+                # functions therefore we need to use % as a safe char
+                payload = urlencode(payload, "%", False, True)
                value = agent.replacePayload(value, payload)

            value = agent.removePayloadDelimiters(value)