From b1cd265debb4da01f5ecaf4a0bf95f9da46eabc5 Mon Sep 17 00:00:00 2001
From: Ehsan Nezami <ehsan.empire1@gmail.com>
Date: Mon, 10 Sep 2018 05:54:45 -0700
Subject: [PATCH] random session

use the random session to bypass some web application.
---
 tamper/randomsession.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 tamper/randomsession.py

diff --git a/tamper/randomsession.py b/tamper/randomsession.py
new file mode 100644
index 000000000..e66642b78
--- /dev/null
+++ b/tamper/randomsession.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+author: 3H34N
+"""
+import string
+import random
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def randomsession():
+	length = 32
+	chars = string.ascii_letters.lower() + string.digits
+	password = ''.join(random.choice(chars) for i in range(length))
+	return "PHPSESSID="+password
+
+def tamper(payload, **kwargs):
+    """
+    Append a random session HTTP header 'PHPSESSID' to bypass
+    WAF (usually application based) protection
+    """
+
+    headers = kwargs.get("headers", {})
+    headers["Cookie"] = randomsession()
+    return payload