In today's post, we will see the meaning of the "tamper" option in Sqlmap tool. By the time we just enough to know that there are certain data filtering mechanisms and certain web application firewalls that will hinder us much homework, when implemented correctly SQL injection attack.
To better understand the data covered, it will proceed to stage it in the following example. As you can see below, when a vulnerability is detected SQL code and then tries to exploit, the server returns the same sentence without spaces:
GET /index.html?id=' AND 1=1
Host: X.X.X.X
User-agent: Mozilla/5.0 …
Connection: close
HTTP/1.1 200 OK
Server: X
Connection: Close
The SQL syntax is incorrect when SELECT * FROM productos WHERE ID='AND1=1....
As shown in the above example, the server responds as "The SQL syntax is incorrect" after eliminating the spaces of the sentence. Tampear would require data so that 20% be added to each space.
Although default hexadecimal sqlmap becomes the content of the petition, this example helps us to understand why to the "tamper" option.
Applying the above concept to our previous example, that the judgment was valid should be as follows:
REQUEST:
GET /index.html?id=%27%20AND%201=1
Host: X.X.X.X
User-agent: Mozilla/5.0 …
Connection: close
RESPONSE:
HTTP/1.1 200 OK
Server: X
Connection: Close
OK
As you can see in the previous answer, so that the SQL statement is correct, they should to use tamper option to convert all to hexadecimal data. However, Sqlmap does by default, but is a good way to understand why of tamper option.
I guess by now, you're thinking, and as I used to tamper option. How could identify this?.
Everything depends more, if our client uses WAF(Web Application Firewall), and the version of manager database software.Sometimes we believe that the filters themselves implemented by the manager of the database, are a WAF, but not always.
Sqlmap further it incorporates a feature that allows the detection of the best known to date WAFS this will help us in verifying the existence or otherwise of such firewalls:
--check-waf
#You can find more information in the following official link sqlmap:
https://github.com/sqlmapproject/sqlmap/wiki/Usage
Once identified first type of WAF (if web application has any), the programming language used to develop web, and the type and version that uses the manager of the database, and are ready to choose the tamper option more appropriate.
Since the purpose of this post is to understand the Tamper Sqlmap option and I think is quite clear. I will simply say that there is much information on the Internet regarding what kind of tamper option is used depending on the above parameters.
Regards,
No comments:
Post a Comment