created tamper script for random character encodings

2025-07-29 17:39:56 +03:00 · 2017-02-28 10:05:19 -06:00 · 2017-02-28 10:05:19 -06:00 · 076b0f3b94
commit 076b0f3b94
parent a35c976759
1 changed files with 42 additions and 0 deletions
--- a/tamper/randcharencode.py
+++ b/tamper/randcharencode.py
@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+import random
+import os
+from lib.core.common import singleTimeWarnMessage
+from lib.core.common import DBMS
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (
+        os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
+
+
+def tamper(payload, **kwargs):
+    """ Randomly encode some characters in a payload, will
+        always encode at least three characters in the payload
+
+        Requirement:
+          * MySQL
+
+        Tested against:
+          * MySQL >= 5.0.0
+          * MySQL >= 5.0.12
+
+    """
+    retVal = ""
+    randomNumList = range(0, len(payload))
+    acceptedEncodings = ["iso-8859-1", "iso-8859-15", "utf-8", "ascii",
+                         "iso-8859-2"]
+    encoded = 0
+    while encoded <= 3:
+        for i, c in enumerate(list(payload)):
+            if i == random.choice(randomNumList):
+                retVal += c.encode(random.choice(acceptedEncodings))
+                encoded += 1
+            else:
+                retVal += c
+
+    return retVal