Minor update

2025-12-06 04:31:30 +00:00 · 2025-02-19 14:11:03 +01:00
parent 25925961ba
commit fa9dc20c6e
12 changed files with 22 additions and 22 deletions
--- a/tamper/0eunion.py
+++ b/tamper/0eunion.py
@@ -16,7 +16,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Replaces instances of <int> UNION with <int>e0UNION
+    Replaces an integer followed by UNION with an integer followed by e0UNION

    Requirement:
        * MySQL
--- a/tamper/apostrophemask.py
+++ b/tamper/apostrophemask.py
@@ -14,7 +14,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Replaces apostrophe character (') with its UTF-8 full width counterpart (e.g. ' -> %EF%BC%87)
+    Replaces single quotes (') with their UTF-8 full-width equivalents (e.g. ' -> %EF%BC%87)

    References:
        * http://www.utf8-chartable.de/unicode-utf8-table.pl?start=65280&number=128
--- a/tamper/apostrophenullencode.py
+++ b/tamper/apostrophenullencode.py
@@ -14,7 +14,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Replaces apostrophe character (') with its illegal double unicode counterpart (e.g. ' -> %00%27)
+    Replaces single quotes (') with an illegal double Unicode encoding (e.g. ' -> %00%27)

    >>> tamper("1 AND '1'='1")
    '1 AND %00%271%00%27=%00%271'
--- a/tamper/appendnullbyte.py
+++ b/tamper/appendnullbyte.py
@@ -18,7 +18,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Appends (Access) NULL byte character (%00) at the end of payload
+    Appends an (Access) NULL byte character (%00) at the end of payload

    Requirement:
        * Microsoft Access
--- a/tamper/base64encode.py
+++ b/tamper/base64encode.py
@@ -15,7 +15,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Base64-encodes all characters in a given payload
+    Encodes the entire payload using Base64

    >>> tamper("1' AND SLEEP(5)#")
    'MScgQU5EIFNMRUVQKDUpIw=='
--- a/tamper/between.py
+++ b/tamper/between.py
@@ -16,7 +16,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #' and equals operator ('=') with 'BETWEEN # AND #'
+    Replaces the greater-than operator (>) with NOT BETWEEN 0 AND # and the equal sign (=) with BETWEEN # AND #

    Tested against:
        * Microsoft SQL Server 2005
--- a/tamper/binary.py
+++ b/tamper/binary.py
@@ -16,7 +16,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Injects keyword binary where possible
+    Injects the keyword binary where applicable

    Requirement:
        * MySQL
--- a/tamper/bluecoat.py
+++ b/tamper/bluecoat.py
@@ -17,7 +17,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Replaces space character after SQL statement with a valid random blank character. Afterwards replace character '=' with operator LIKE
+    Replaces the space following an SQL statement with a random valid blank character, then converts = to LIKE

    Requirement:
        * Blue Coat SGOS with WAF activated as documented in
--- a/tamper/chardoubleencode.py
+++ b/tamper/chardoubleencode.py
@@ -16,7 +16,7 @@ def dependencies():

 def tamper(payload, **kwargs):
    """
-    Double URL-encodes all characters in a given payload (not processing already encoded) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)
+    Double URL-encodes each character in the payload (ignores already encoded ones) (e.g. SELECT -> %2553%2545%254C%2545%2543%2554)

    Notes:
        * Useful to bypass some weak web application firewalls that do not double URL-decode the request before processing it through their ruleset
--- a/tamper/randomcomments.py
+++ b/tamper/randomcomments.py
@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW

 def tamper(payload, **kwargs):
    """
-    Add random inline comments inside SQL keywords (e.g. SELECT -> S/**/E/**/LECT)
+    Inserts random inline comments within SQL keywords (e.g. SELECT -> S/**/E/**/LECT)

    >>> import random
    >>> random.seed(0)