Feature request - Add an option to modify the response before SQL Map analyzes it, similar to tamper for requests #3505

Closed
dee-see opened this issue Feb 28, 2019 · 8 comments

@dee-see dee-see commented Feb 28, 2019

What's the problem (or question)?

I'm running SQLMap against an API which returns encrypted responses.

Do you have an idea for a solution?

The requests are encrypted as well and with the help of the --tamper switch I can get around that just fine (I know the encryption and decryption logic). If I had a switch to process the response's data before SQLMap analyzes it, it would be wonderful.

At the moment, a timing-based attack can work in those scenarios, but it would be so much faster if I could use the HTTP response and benefit from other injection techniques.

Thank you very much for a great tool. If you acknowledge this as a nice-to-have feature, I'd be willing to try to implement it myself.


@stamparm stamparm commented Feb 28, 2019

You mean something like --preprocess <script.py>, where script.py would be some user tamper-alike script accepting similar arguments as tamper scripts? You would use it right after sqlmap gets the (raw) response (e.g. here)


@dee-see dee-see commented Feb 28, 2019

Yes, that's exactly what I mean!


@dee-see dee-see commented Mar 4, 2019

If that's a feature you'd like to see in the project @stamparm I'll start working on it.


@687766616e 687766616e commented Mar 4, 2019

@dee-see I want too! nice~😆


@stamparm stamparm commented Mar 4, 2019

I'll do it

@stamparm stamparm self-assigned this Mar 4, 2019
stamparm added a commit that referenced this issue Mar 4, 2019
@stamparm stamparm added this to the 1.4 milestone Mar 4, 2019

@stamparm stamparm commented Mar 4, 2019

Quick start:

```
$ mkdir /tmp/foobar
$ touch /tmp/foobar/__init__.py
$ cat > /tmp/foobar/preprocess.py << "EOF"
#!/usr/bin/env python

# Called with each raw response; must return (page, headers, code)
def preprocess(page, headers=None, code=None):
    return "AAAAAAAAAAAAA" + (page or ""), headers, code
EOF

$ python sqlmap.py -u localhost/?id=1 --preprocess /tmp/foobar/preprocess.py -v 6 --batch | grep -C 2 AAAA
Content-type: text/html; charset=UTF-8

AAAAAAAAAAAAA<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
--
Content-type: text/html; charset=UTF-8

AAAAAAAAAAAAA<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
--
Content-type: text/html; charset=UTF-8

AAAAAAAAAAAAA<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
--
Content-type: text/html; charset=UTF-8

AAAAAAAAAAAAA<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
--
Content-type: text/html; charset=UTF-8

AAAAAAAAAAAAA<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
--
```
@stamparm stamparm closed this Mar 4, 2019
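
Added example (not part of the thread and not sqlmap's own code): a `preprocess` hook with the signature from the quick start, applied to the use case in the original request, where response bodies arrive encoded. The JSON envelope, the `KEY` value and the repeating-key XOR are assumptions standing in for whatever scheme the tested API really uses, and the code is written for Python 3. Responses that do not match the envelope (error pages, proxy pages) are passed through unchanged so the hook never raises.

```python
#!/usr/bin/env python
import base64
import json

# Hypothetical key: stand-in for the real scheme's key material
KEY = b"constructed-demo-key"

def xor_bytes(data, key=KEY):
    """Toy repeating-key XOR, used here in place of the API's real cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def decode_body(page):
    """Return the decoded body as bytes, or None if page is not a valid envelope."""
    if not page:
        return None
    if isinstance(page, str):
        page = page.encode("utf-8", "replace")
    try:
        # Assumed envelope: {"data": "<base64 of the XOR-ed body>"}
        blob = json.loads(page.decode("utf-8"))["data"]
        raw = base64.b64decode(blob, validate=True)
    except (ValueError, KeyError, TypeError):
        # Not JSON, no "data" field, or invalid base64
        return None
    return xor_bytes(raw)

def preprocess(page, headers=None, code=None):
    """Hook entry point: returns (page, headers, code) like the quick-start script."""
    plain = decode_body(page)
    if plain is None:
        # Leave anything unrecognised untouched instead of failing the scan
        return page, headers, code
    if isinstance(page, str):
        # Hand back the same type that was passed in
        plain = plain.decode("utf-8", "replace")
    return plain, headers, code

# Constructed sample response, built with the same toy scheme
SAMPLE = json.dumps(
    {"data": base64.b64encode(xor_bytes(b"<html>id=1 ok</html>")).decode("ascii")}
)

if __name__ == "__main__":
    print(preprocess(SAMPLE, {"Content-Type": "application/json"}, 200)[0])
```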

@dee-see dee-see commented Mar 4, 2019

That was quick! Thank you very much
