Update for an Issue #12

lib/core/option.py

@@ -835,7 +835,7 @@ def __setTamperingFunctions():
             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
 
             for name, function in inspect.getmembers(module, inspect.isfunction):
-                if name == "tamper" and function.func_code.co_argcount == 2:
+                if name == "tamper":
                     found = True
                     kb.tamperFunctions.append(function)
                     function.func_name = module.__name__

tamper/apostrophemask.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces apostrophe character with its UTF-8 full width counterpart
 

tamper/apostrophenullencode.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces apostrophe character with its illegal double unicode counterpart
 

tamper/appendnullbyte.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Appends encoded NULL byte character at the end of payload
 

tamper/base64encode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Base64 all characters in a given payload
 

tamper/between.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
 

tamper/bluecoat.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character after SQL statement with a valid random blank character.
     Afterwards replace character = with LIKE operator

tamper/chardoubleencode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Double url-encodes all characters in a given payload (not processing
     already encoded)

tamper/charencode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Url-encodes all characters in a given payload (not processing already
     encoded)

tamper/charunicodeencode.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Unicode-url-encodes non-encoded characters in a given payload (not
     processing already encoded)

tamper/equaltolike.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces all occurances of operator equal ('=') with operator 'LIKE'
 

tamper/halfversionedmorekeywords.py

@@ -19,7 +19,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Adds versioned MySQL comment before each keyword
 

tamper/ifnull2ifisnull.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
 

tamper/modsecurityversioned.py

@@ -13,7 +13,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Embraces complete query with versioned comment
 

tamper/modsecurityzeroversioned.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Embraces complete query with zero-versioned comment
 

tamper/multiplespaces.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Adds multiple spaces around SQL keywords
 

tamper/nonrecursivereplacement.py

@@ -13,7 +13,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.NORMAL
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces predefined SQL keywords with representations
     suitable for replacement (e.g. .replace("SELECT", "")) filters

tamper/percentage.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Adds a percentage sign ('%') infront of each character
 

tamper/randomcase.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces each keyword character with random case value
 

tamper/randomcomments.py

@@ -13,7 +13,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Add random comments to SQL keywords
     Example: 'INSERT' becomes 'IN/**/S/**/ERT'

tamper/securesphere.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Appends special crafted string
 

tamper/sp_password.py

@@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.HIGH
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
 

tamper/space2comment.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with comments '/**/'
 

tamper/space2dash.py

@@ -12,7 +12,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a dash comment ('--') followed by
     a random string and a new line ('\n')

tamper/space2hash.py

@@ -18,7 +18,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')

tamper/space2morehash.py

@@ -21,7 +21,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')

tamper/space2mssqlblank.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters

tamper/space2mssqlhash.py

@@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a new line ('\n')

tamper/space2mysqlblank.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters

tamper/space2mysqldash.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a dash comment ('--') followed by
     a new line ('\n')

tamper/space2plus.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with plus ('+')
 

tamper/space2randomblank.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters

tamper/unionalltounion.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces UNION ALL SELECT with UNION SELECT
 

tamper/unmagicquotes.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Replaces quote character (') with a multi-byte combo %bf%27 together with
     generic comment at the end (to make it work)

tamper/versionedkeywords.py

@@ -18,7 +18,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Encloses each non-function keyword with versioned MySQL comment
 

tamper/versionedmorekeywords.py

@@ -19,7 +19,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload, headers=None):
+def tamper(payload, **kwargs):
     """
     Encloses each keyword with versioned MySQL comment