sqlmap/tamper/randomcase.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import re

from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb

def tamper(place, value):
    """
    Replaces each character with random case value
    Example: 'INSERT' might become 'InsERt'
    """

    retVal = value

    if value:
        if place != "URI":
            retVal = urldecode(retVal)

        for match in re.finditer(r"[A-Za-z_]+", retVal):
            word = match.group()

            if word.upper() in kb.keywords:
                newWord = str()

                for i in xrange(len(word)):
                    newWord += word[i].upper() if randomRange(0, 1) else word[i].lower()

                retVal = retVal.replace(word, newWord)

        if place != "URI":
            retVal = urlencode(retVal)

    return retVal
forgot to put "#!/usr/bin/env python" 2010-10-14 18:05:05 +04:00			`#!/usr/bin/env python`

large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
			$Id$

			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`"""`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
update of tampering modules 2010-10-13 23:51:10 +04:00			`import re`

			`from lib.core.common import randomRange`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`from lib.core.convert import urldecode`
			`from lib.core.convert import urlencode`
			`from lib.core.data import kb`
update of tampering modules 2010-10-13 23:51:10 +04:00
			`def tamper(place, value):`
Minor bug fixes, code refactoring and enhanced --tamper functionality 2010-10-17 01:33:15 +04:00			`"""`
			`Replaces each character with random case value`
			`Example: 'INSERT' might become 'InsERt'`
			`"""`

update of tampering modules 2010-10-13 23:51:10 +04:00			`retVal = value`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
update of tampering modules 2010-10-13 23:51:10 +04:00			`if value:`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`if place != "URI":`
			`retVal = urldecode(retVal)`

			`for match in re.finditer(r"[A-Za-z_]+", retVal):`
			`word = match.group()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`if word.upper() in kb.keywords:`
			`newWord = str()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`for i in xrange(len(word)):`
Minor bug fix to --tamper 2010-10-17 01:55:34 +04:00			`newWord += word[i].upper() if randomRange(0, 1) else word[i].lower()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = retVal.replace(word, newWord)`

			`if place != "URI":`
			`retVal = urlencode(retVal)`

update of tampering modules 2010-10-13 23:51:10 +04:00			`return retVal`