sqlmap/tamper/randomcase.py

# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)
# See the file doc/COPYING for copying permission.

import re
import string

from lib.core.common import randomRange
from lib.core.convert import urldecode
from lib.core.convert import urlencode
from lib.core.data import kb

"""
value -> chars from value with random case (e.g., INSERT->InsERt)
"""
def tamper(place, value):
    retVal = value

    if value:
        if place != "URI":
            retVal = urldecode(retVal)

        for match in re.finditer(r"[A-Za-z_]+", retVal):
            word = match.group()

            if word.upper() in kb.keywords:
                newWord = str()

                for i in xrange(len(word)):
                    newWord += word[i].upper() if randomRange(0,1) else word[i].lower()

                retVal = retVal.replace(word, newWord)

        if place != "URI":
            retVal = urlencode(retVal)

    return retVal
introducing new style for copyright header 2010-10-14 18:02:43 +04:00			`# Copyright (c) 2006-2010 sqlmap project (http://sqlmap.sourceforge.net/)`
			`# See the file doc/COPYING for copying permission.`

update of tampering modules 2010-10-13 23:51:10 +04:00			`import re`
			`import string`

			`from lib.core.common import randomRange`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`from lib.core.convert import urldecode`
			`from lib.core.convert import urlencode`
			`from lib.core.data import kb`
update of tampering modules 2010-10-13 23:51:10 +04:00
			`"""`
minor update 2010-10-14 10:20:32 +04:00			`value -> chars from value with random case (e.g., INSERT->InsERt)`
update of tampering modules 2010-10-13 23:51:10 +04:00			`"""`
			`def tamper(place, value):`
			`retVal = value`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
update of tampering modules 2010-10-13 23:51:10 +04:00			`if value:`
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`if place != "URI":`
			`retVal = urldecode(retVal)`

			`for match in re.finditer(r"[A-Za-z_]+", retVal):`
			`word = match.group()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`if word.upper() in kb.keywords:`
			`newWord = str()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`for i in xrange(len(word)):`
			`newWord += word[i].upper() if randomRange(0,1) else word[i].lower()`
introducing new style for copyright header 2010-10-14 18:02:43 +04:00
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...) 2010-10-14 15:06:28 +04:00			`retVal = retVal.replace(word, newWord)`

			`if place != "URI":`
			`retVal = urlencode(retVal)`

update of tampering modules 2010-10-13 23:51:10 +04:00			`return retVal`