
Mastering Modern Web Penetration Testing by Prakhar Prasad


Evasion – tamper scripts

Tamper scripts are used to evade simple filters and Web Application Firewalls (WAFs). They are a collection of built-in scripts that modify the injection vector used by SQLMap. In some cases a WAF detects the injection vectors and blocks the whole process. The following table briefly describes the various tamper scripts and their usage. The comprehensive table was compiled by Jake Rogers at http://www.forkbombers.com/, so the entire credit goes to him.

| Name | Description |
| --- | --- |
| apostrophemask.py | Replaces the apostrophe character with its UTF-8 full-width counterpart. |
| apostrophenullencode.py | Replaces the apostrophe character with its illegal double Unicode counterpart. |
| appendnullbyte.py | Appends the encoded ... |
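On the defensive side, the first two rows of the table show why a filter must canonicalize input before matching it. The following is an added example, not code from the book or from SQLMap: the function names, the signature regex and the sample values are all constructed for illustration.

```python
import re
import unicodedata
from urllib.parse import unquote

# Illustrative filter signature: ASCII apostrophe followed by a SQL keyword.
SIGNATURE = re.compile(r"'\s*(or|and|union)\b", re.IGNORECASE)


def canonicalize(raw: str, max_rounds: int = 3) -> str:
    """Return an inspection copy of a parameter value in canonical form."""
    value = raw
    for _ in range(max_rounds):  # repeat to unwrap double percent-encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # NFKC folds compatibility characters, e.g. U+FF07 (full-width
    # apostrophe) becomes U+0027.
    value = unicodedata.normalize("NFKC", value)
    # NUL bytes have no place in a text parameter; drop them before matching.
    return value.replace("\x00", "")


def classify(raw: str) -> str:
    """Compare what a naive filter sees with what the canonical form shows."""
    naive_hit = bool(SIGNATURE.search(raw))
    canonical_hit = bool(SIGNATURE.search(canonicalize(raw)))
    if canonical_hit and not naive_hit:
        return "encoded-evasion"  # signature only visible after canonicalization
    return "match" if canonical_hit else "clean"


# Constructed sample parameter values (not captured traffic).
SAMPLES = [
    "1' OR '1'='1",                       # plain form
    "1%EF%BC%87 OR %EF%BC%871%EF%BC%87",  # full-width apostrophe, UTF-8 encoded
    "1%00%27 OR %00%271",                 # apostrophe preceded by an encoded NUL
    "O%27Brien",                          # benign surname
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):16} {sample}")
```

The canonical copy is for inspection and alerting only; the query itself should still be built with parameterized statements.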
