SQLi Query Tampering

SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite’s Intruder.

Advantages and Benefits

Sqlmap is a great automated tool for SQL vulnerabilities but it can be a little noisy when you perform pentesting or bug hunting! One of the cool parts of Sqlmap is Tampering. Tampering gives us some functions/techniques to evade filters and WAF’s.

SQLi Query Tampering gives you the flexibility of manual testing with many powerful evasion techniques. This extension has two-part:

1. Generator:
   • You are able to add your customized payloads
   • All evasion techniques grouped by DBMS type
   • Tampered payloads can be used as a Generator in Intruder or saved to clipboard/file

2. Processor:
   • You have the ability to choose one of the tamper techniques as your processor
   • The processor can be added as a Payload Processor
   • You can add your payloads and tamper them based on the selected technique. Write one payload per line.

The list of Evasion Techniques:

apostrophemask, apostrophenullencode, appendnullbyte, between, bluecoat, chardoubleencode, charencode, charunicodeencode, charunicodeescape, commalesslimit, commalessmid, commentbeforeparentheses, concat2concatws, equaltolike, escapequotes, greatest, halfversionedmorekeywords, hex2char, htmlencode, ifnull2casewhenisnull, ifnull2ifisnull, informationschemacomment, least, lowercase, modsecurityversioned, modsecurityzeroversioned, multiplespaces, overlongutf8, overlongutf8more, percentage, plus2concat, plus2fnconcat, randomcase, randomcomments, sp_password, space2comment, space2dash, space2hash, space2morecomment, space2morehash, space2mssqlblank, space2mssqlhash, space2mysqlblank, space2mysqldash, space2plus, space2randomblank, symboliclogical, unionalltounion, unmagicquotes, uppercase, versionedkeywords, versionedmorekeywords, 0eunion, misunion, schemasplit, binary, dunion

Usage notes:

• All Tampered Queries (in Generator/Processor) returned in URL-Encoded
• You can add a decoding rule in Payload Processing section if you need URL-decoded payloads

Changelog v1.3

• Add Options tab:
  • Payloads Directory
  • Restore Defaults
• Fix some issues in UI and Tamper module

Download & Install

Copyright 2014 Context Information Security