From b1cd265debb4da01f5ecaf4a0bf95f9da46eabc5 Mon Sep 17 00:00:00 2001
From: Ehsan Nezami
Date: Mon, 10 Sep 2018 05:54:45 -0700
Subject: [PATCH] random session use the random session to bypass some web application.
---
 tamper/randomsession.py | 30 ++++++++++++++++++++++++++++++
 1 file changed, 30 insertions(+)
 create mode 100644 tamper/randomsession.py

diff --git a/tamper/randomsession.py b/tamper/randomsession.py
new file mode 100644
index 000000000..e66642b78
--- /dev/null
+++ b/tamper/randomsession.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
+See the file 'LICENSE' for copying permission
+author: 3H34N
+"""
+import string
+import random
+from lib.core.enums import PRIORITY
+__priority__ = PRIORITY.NORMAL
+
+def dependencies():
+    pass
+
+def randomsession():
+    length = 32
+    chars = string.ascii_letters.lower() + string.digits
+    password = ''.join(random.choice(chars) for i in range(length))
+    return "PHPSESSID="+password
+
+def tamper(payload, **kwargs):
+    """
+    Append a random session HTTP header 'PHPSESSID' to bypass
+    WAF (usually application based) protection
+    """
+
+    headers = kwargs.get("headers", {})
+    headers["Cookie"] = randomsession()
+    return payload
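Review bot: `headers["Cookie"] = randomsession()` in tamper() replaces whatever Cookie header the request already carries (for example an authenticated session supplied by the user), so the injected PHPSESSID silently discards that session and breaks authenticated scans; append instead, e.g. `existing = headers.get("Cookie")` followed by `headers["Cookie"] = "%s; %s" % (existing, randomsession()) if existing else randomsession()`. The docstring describes PHPSESSID as an HTTP header, whereas the code sets a cookie value inside the Cookie header; `Append a random 'PHPSESSID' cookie to the request's Cookie header` would match what the code does. In randomsession(), `string.ascii_letters.lower()` contains every lowercase letter twice, so letters are drawn twice as often as digits; `string.ascii_lowercase + string.digits` gives the intended uniform alphabet, and the unused loop variable `i` can be `_`. The `kwargs.get("headers", {})` fallback presumably follows the convention of the other tamper scripts, but note that when no headers dict is passed the assignment is lost without any signal.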