SQLMap tamper scripts

CERT-Polska · Feb 19, 2024 · b38ca1c · b38ca1c
1 parent b4b4faa
commit b38ca1c
Show file tree

Hide file tree

Showing 3 changed files with 48 additions and 24 deletions.
diff --git a/extra_modules_config.py b/extra_modules_config.py
@@ -41,3 +41,18 @@ class ExtraModulesConfig:
         cast=int,
         default=50,
     )
+
+    SQLMAP_TAMPER_SCRIPTS = decouple.config(
+        "SQLMAP_TAMPER_SCRIPTS",
+        cast=decouple.Csv(str),
+        default=",".join(
+            [
+                "base64encode",
+                "chardoubleencode",
+                "charencode",
+                "randomcase",
+                "space2randomblank",
+                "/opt/karton_sqlmap/tamper/tamper_double_quotes.py",
+            ]
+        ),
+    )
diff --git a/karton_sqlmap/Dockerfile b/karton_sqlmap/Dockerfile
@@ -10,4 +10,8 @@ WORKDIR /opt/
 COPY extra_modules_config.py /opt/
 COPY karton_sqlmap/karton_sqlmap.py /opt/artemis/modules/
 COPY karton_sqlmap/test_sqlmap.py /opt/
+COPY karton_sqlmap/tamper/ /opt/karton_sqlmap/tamper/
+
+RUN touch /opt/karton_sqlmap/__init__.py
+
 COPY test /opt/test
diff --git a/karton_sqlmap/karton_sqlmap.py b/karton_sqlmap/karton_sqlmap.py
@@ -54,32 +54,37 @@ def _run() -> Optional[str]:
             else:
                 additional_configuration = []
 
-            cmd = (
-                [
-                    "sqlmap",
-                    "--delay",
-                    str(1.0 / Config.Limits.REQUESTS_PER_SECOND) if Config.Limits.REQUESTS_PER_SECOND else "0",
-                    "-u",
-                    url,
-                    "--batch",
-                    "--technique",
-                    "BU",
-                    "--skip-waf",
-                    "--skip-heuristics",
-                    "-v",
-                    "0",
-                ]
-                + arguments
-                + additional_configuration
-            )
-            data = subprocess.check_output(cmd)
+            for tamper_script in [None] + ExtraModulesConfig.SQLMAP_TAMPER_SCRIPTS:
+                cmd = (
+                    [
+                        "sqlmap",
+                        "--delay",
+                        str(1.0 / Config.Limits.REQUESTS_PER_SECOND) if Config.Limits.REQUESTS_PER_SECOND else "0",
+                        "-u",
+                        url,
+                        "--batch",
+                        "--technique",
+                        "BU",
+                        "--skip-waf",
+                        "--skip-heuristics",
+                        "-v",
+                        "0",
+                    ]
+                    + arguments
+                    + additional_configuration
+                )
+
+                if tamper_script:
+                    cmd.append(f"--tamper={tamper_script}")
+
+                data = subprocess.check_output(cmd)
 
-            data_str = data.decode("ascii", errors="ignore")
+                data_str = data.decode("ascii", errors="ignore")
 
-            for line in data_str.split("\n"):
-                match_result = re.compile(f"^{re.escape(find_in_output)}[^:]*: '(.*)'$").fullmatch(line)
-                if match_result:
-                    return match_result.group(1)
+                for line in data_str.split("\n"):
+                    match_result = re.compile(f"^{re.escape(find_in_output)}[^:]*: '(.*)'$").fullmatch(line)
+                    if match_result:
+                        return match_result.group(1)
             return None
 
         if timeout_seconds: