From 076b0f3b94ee609c5ca25db1dfe2f37a20a62525 Mon Sep 17 00:00:00 2001
From: Ekultek <thomas.perkins23@icloud.com>
Date: Tue, 28 Feb 2017 10:05:19 -0600
Subject: [PATCH] created tamper script for random character encodings

---
 tamper/randcharencode.py | 42 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
 create mode 100644 tamper/randcharencode.py

diff --git a/tamper/randcharencode.py b/tamper/randcharencode.py
new file mode 100644
index 000000000..975abb2e1
--- /dev/null
+++ b/tamper/randcharencode.py
@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+import random
+import os
+from lib.core.common import singleTimeWarnMessage
+from lib.core.common import DBMS
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOW
+
+
+def dependencies():
+    singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (
+        os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
+
+
+def tamper(payload, **kwargs):
+    """ Randomly encode some characters in a payload, will
+        always encode at least three characters in the payload
+
+        Requirement:
+          * MySQL
+
+        Tested against:
+          * MySQL >= 5.0.0
+          * MySQL >= 5.0.12
+
+    """
+    retVal = ""
+    randomNumList = range(0, len(payload))
+    acceptedEncodings = ["iso-8859-1", "iso-8859-15", "utf-8", "ascii",
+                         "iso-8859-2"]
+    encoded = 0
+    while encoded <= 3:
+        for i, c in enumerate(list(payload)):
+            if i == random.choice(randomNumList):
+                retVal += c.encode(random.choice(acceptedEncodings))
+                encoded += 1
+            else:
+                retVal += c
+
+    return retVal