extend tamper scripts to support decoders for processing responses

2025-08-24 14:04:44 +03:00 · 2013-08-24 00:13:00 +02:00 · 2013-08-24 00:13:00 +02:00 · 5126010ff8
commit 5126010ff8
parent 7cb3ea20dd
4 changed files with 63 additions and 11 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -842,7 +842,8 @@ def _setTamperingFunctions():
        last_priority = PRIORITY.HIGHEST
        check_priority = True
        resolve_priorities = False
-        priorities = []
+        tamper_priorities = []
+        decode_priorities = []

        for tfile in re.split(PARAMETER_SPLITTING_REGEX, conf.tamper):
            found = False
@ -885,9 +886,17 @@ def _setTamperingFunctions():
            priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__

            for name, function in inspect.getmembers(module, inspect.isfunction):
-                if name == "tamper":
+                if name == "tamper" or name == "decode":
                    found = True
-                    kb.tamperFunctions.append(function)
+
+                    if name == "tamper":
+                        function_list = kb.tamperFunctions
+                        priorities = tamper_priorities
+                    elif name == "decode":
+                        function_list = kb.decodeFunctions
+                        priorities = decode_priorities
+
+                    function_list.append(function)
                    function.func_name = module.__name__

                    if check_priority and priority > last_priority:
@ -913,17 +922,24 @@ def _setTamperingFunctions():
                    function()

            if not found:
-                errMsg = "missing function 'tamper(payload, headers)' "
+                errMsg = "missing function 'tamper(payload, headers)' or 'decode(page, headers, code)'"
                errMsg += "in tamper script '%s'" % tfile
                raise SqlmapGenericException(errMsg)

-        if resolve_priorities and priorities:
-            priorities.sort(reverse=True)
+        if resolve_priorities:
+            tamper_priorities.sort(reverse=True)
            kb.tamperFunctions = []

-            for _, function in priorities:
+            for _, function in tamper_priorities:
                kb.tamperFunctions.append(function)

+            decode_priorities.sort(reverse=True)
+            kb.decodeFunctions = []
+
+            for _, function in decode_priorities:
+                kb.decodeFunctions.append(function)
+
+
 def _setWafFunctions():
    """
    Loads WAF/IDS/IPS detecting functions from script(s)
@ -1698,6 +1714,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
        kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
        kb.passwordMgr = None
        kb.tamperFunctions = []
+        kb.decodeFunctions = []
        kb.targets = oset()
        kb.testedParams = set()
        kb.userAgents = None
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -249,7 +249,7 @@ def cmdLineParser():
                             help="Injection payload suffix string")

        injection.add_option("--tamper", dest="tamper",
-                             help="Use given script(s) for tampering injection data")
+                             help="Use given script(s) for tampering injection data and/or responses")

        # Detection options
        detection = OptionGroup(parser, "Detection", "These options can be "
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -182,6 +182,13 @@ class Connect(object):

        return retVal

+    @staticmethod
+    def _decode(page, headers = None, code = None):
+        if kb.decodeFunctions:
+            for function in kb.decodeFunctions:
+                page, headers, code= function(page, headers, code)
+        return page, headers, code
+
    @staticmethod
    def getPage(**kwargs):
        """
@ -282,7 +289,7 @@ class Connect(object):
                responseHeaders[URI_HTTP_HEADER] = conn.geturl()
                page = decodePage(page, responseHeaders.get(HTTP_HEADER.CONTENT_ENCODING), responseHeaders.get(HTTP_HEADER.CONTENT_TYPE))

-                return page
+                return Connect._decode(page) # FIXME other return statements return triplet, this did not?!

            elif any((refreshing, crawling)):
                pass
@ -390,7 +397,7 @@ class Connect(object):

            # Return response object
            if response:
-                return conn, None, None
+                return conn, None, None # FIXME dead code?

            # Get HTTP response
            if hasattr(conn, 'redurl'):
@ -590,7 +597,7 @@ class Connect(object):

        logger.log(CUSTOM_LOGGING.TRAFFIC_IN, responseMsg)

-        return page, responseHeaders, code
+        return Connect._decode(page, responseHeaders, code)

    @staticmethod
    def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
--- a/tamper/base64decode.py
+++ b/tamper/base64decode.py
@ -0,0 +1,28 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import base64
+
+from lib.core.enums import PRIORITY
+
+__priority__ = PRIORITY.LOWEST
+
+def dependencies():
+    pass
+
+def decode(page, headers, code, **kwargs):
+    """
+    Base64 decode a response
+    """
+    print page
+
+    try:
+        retval = base64.b64decode(page)
+    except TypeError: # Decode error
+        retval = page
+
+    return retval, headers, code