working on issue #12

lib/core/agent.py

@@ -46,7 +46,7 @@ class Agent:
 
         if kb.tamperFunctions:
             for function in kb.tamperFunctions:
-                query = function(query)
+                query, _ = function(payload=query, headers=None)
 
         return query
 

lib/core/option.py

@@ -802,7 +802,7 @@ def __setTamperingFunctions():
             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
 
             for name, function in inspect.getmembers(module, inspect.isfunction):
-                if name == "tamper" and function.func_code.co_argcount == 1:
+                if name == "tamper" and function.func_code.co_argcount == 2:
                     found = True
                     kb.tamperFunctions.append(function)
 
@@ -829,7 +829,9 @@ def __setTamperingFunctions():
                     function()
 
             if not found:
-                raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
+                errMsg = "missing function 'tamper(payload, headers)' "
+                errMsg += "in tamper script '%s'" % tfile
+                raise sqlmapGenericException, errMsg
 
         if resolve_priorities and priorities:
             priorities.sort(reverse=True)

lib/request/connect.py

@@ -550,7 +550,7 @@ class Connect:
         if payload:
             if kb.tamperFunctions:
                 for function in kb.tamperFunctions:
-                    payload = function(payload)
+                    payload, auxHeaders = function(payload=payload, headers=auxHeaders)
 
                 value = agent.replacePayload(value, payload)
 

tamper/apostrophemask.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces apostrophe character with its UTF-8 full width counterpart
 
@@ -27,4 +27,4 @@ def tamper(payload):
         * http://lukasz.pilorz.net/testy/full_width_utf/index.phps
     """
 
-    return payload.replace('\'', "%EF%BC%87") if payload else payload
+    return payload.replace('\'', "%EF%BC%87") if payload else payload, headers

tamper/apostrophenullencode.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces apostrophe character with its illegal double unicode counterpart
 
@@ -21,4 +21,4 @@ def tamper(payload):
         * Output: AND %00%271%00%27=%00%271%00%27
     """
 
-    return payload.replace('\'', "%00%27") if payload else payload
+    return payload.replace('\'', "%00%27") if payload else payload, headers

tamper/appendnullbyte.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends encoded NULL byte character at the end of payload
 
@@ -31,4 +31,4 @@ def tamper(payload):
     Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
     """
 
-    return "%s%%00" % payload if payload else payload
+    return "%s%%00" % payload if payload else payload, headers

tamper/base64encode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Base64 all characters in a given payload
 
@@ -23,4 +23,4 @@ def tamper(payload):
         * Output: MScgQU5EIFNMRUVQKDUpIw==
     """
 
-    return base64.b64encode(payload) if payload else payload
+    return base64.b64encode(payload) if payload else payload, headers

tamper/between.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
 
@@ -61,5 +61,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers
-

tamper/chardoubleencode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Double url-encodes all characters in a given payload (not processing
     already encoded)
@@ -43,4 +43,4 @@ def tamper(payload):
                 retVal += '%%25%.2X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers

tamper/charencode.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Url-encodes all characters in a given payload (not processing already
     encoded)
@@ -50,4 +50,4 @@ def tamper(payload):
                 retVal += '%%%.2X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers

tamper/charunicodeencode.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOWEST
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Unicode-url-encodes non-encoded characters in a given payload (not
     processing already encoded)
@@ -55,4 +55,4 @@ def tamper(payload):
                 retVal += '%%u%.4X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers

tamper/equaltolike.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces all occurances of operator equal ('=') with operator 'LIKE'
 
@@ -47,4 +47,4 @@ def tamper(payload):
     if payload:
         retVal = re.sub(r"\s*=\s*", lambda match: process(match), retVal)
 
-    return retVal
+    return retVal, headers

tamper/halfversionedmorekeywords.py

@@ -21,7 +21,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds versioned MySQL comment before each keyword
 
@@ -55,4 +55,4 @@ def tamper(payload):
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
         retVal = retVal.replace(" /*!0", "/*!0")
 
-    return retVal
+    return retVal, headers

tamper/ifnull2ifisnull.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
 
@@ -61,4 +61,4 @@ def tamper(payload):
             else:
                 break
 
-    return payload
+    return payload, headers

tamper/modsecurityversioned.py

@@ -13,7 +13,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Embraces complete query with versioned comment
 
@@ -43,4 +43,4 @@ def tamper(payload):
         if ' ' in payload:
             retVal = "%s /*!30%s%s*/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)
 
-    return retVal
+    return retVal, headers

tamper/modsecurityzeroversioned.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Embraces complete query with zero-versioned comment
 
@@ -42,4 +42,4 @@ def tamper(payload):
         if ' ' in payload:
             retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
 
-    return retVal
+    return retVal, headers

tamper/multiplespaces.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds multiple spaces around SQL keywords
 
@@ -46,4 +46,4 @@ def tamper(payload):
             retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' '*random.randrange(1,4), word, ' '*random.randrange(1,4)), retVal)
             retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' '*random.randrange(1,4), word), retVal)
 
-    return retVal
+    return retVal, headers

tamper/percentage.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds a percentage sign ('%') infront of each character
 
@@ -51,4 +51,4 @@ def tamper(payload):
                 retVal += payload[i]
                 i += 1
 
-    return retVal
+    return retVal, headers

tamper/randomcase.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces each keyword character with random case value
 
@@ -50,4 +50,4 @@ def tamper(payload):
 
                 retVal = retVal.replace(word, _)
 
-    return retVal
+    return retVal, headers

tamper/randomcomments.py

@@ -13,7 +13,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Add random comments to SQL keywords
     Example: 'INSERT' becomes 'IN/**/S/**/ERT'
@@ -37,4 +37,4 @@ def tamper(payload):
                 _ += word[-1]
                 retVal = retVal.replace(word, _)
 
-    return retVal
+    return retVal, headers

tamper/securesphere.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends special crafted string
 
@@ -27,4 +27,4 @@ def tamper(payload):
         * Reference: http://seclists.org/fulldisclosure/2011/May/163
     """
 
-    return payload + " and '0having'='0having'" if payload else payload
+    return payload + " and '0having'='0having'" if payload else payload, headers

tamper/sp_password.py

@@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.HIGH
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
 
@@ -30,4 +30,4 @@ def tamper(payload):
     if payload:
         retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
 
-    return retVal
+    return retVal, headers

tamper/space2comment.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with comments '/**/'
 
@@ -55,5 +55,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers
-

tamper/space2dash.py

@@ -12,7 +12,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a dash comment ('--') followed by
     a random string and a new line ('\n')
@@ -46,4 +46,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2hash.py

@@ -18,7 +18,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')
@@ -52,4 +52,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2morehash.py

@@ -21,7 +21,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')
@@ -66,4 +66,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2mssqlblank.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters
@@ -86,4 +86,4 @@ def tamper(payload):
                 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2mssqlhash.py

@@ -9,7 +9,7 @@ from lib.core.enums import PRIORITY
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a new line ('\n')
@@ -38,4 +38,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2mysqlblank.py

@@ -17,7 +17,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters
@@ -69,4 +69,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2mysqldash.py

@@ -16,7 +16,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a dash comment ('--') followed by
     a new line ('\n')
@@ -47,4 +47,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2plus.py

@@ -12,7 +12,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with plus ('+')
 
@@ -51,4 +51,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/space2randomblank.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.LOW
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters
@@ -64,4 +64,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers

tamper/unionalltounion.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.HIGHEST
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces UNION ALL SELECT with UNION SELECT
 
@@ -23,4 +23,4 @@ def tamper(payload):
         * Output: -1 UNION SELECT
     """
 
-    return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload
+    return payload.replace("UNION ALL SELECT", "UNION SELECT") if payload else payload, headers

tamper/unmagicquotes.py

@@ -14,7 +14,7 @@ __priority__ = PRIORITY.NORMAL
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces quote character (') with a multi-byte combo %bf%27 together with
     generic comment at the end (to make it work)
@@ -48,4 +48,4 @@ def tamper(payload):
             retVal = re.sub("\s*(AND|OR)[\s(]+'[^']+'\s*(=|LIKE)\s*'.*", "", retVal)
             retVal += "-- "
 
-    return retVal
+    return retVal, headers

tamper/versionedkeywords.py

@@ -18,7 +18,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Encloses each non-function keyword with versioned MySQL comment
 
@@ -50,4 +50,4 @@ def tamper(payload):
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=[^\w(]|\Z)", lambda match: process(match), retVal)
         retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
 
-    return retVal
+    return retVal, headers

tamper/versionedmorekeywords.py

@@ -19,7 +19,7 @@ __priority__ = PRIORITY.HIGHER
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s >= 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Encloses each keyword with versioned MySQL comment
 
@@ -51,4 +51,4 @@ def tamper(payload):
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
         retVal = retVal.replace(" /*!", "/*!").replace("*/ ", "*/")
 
-    return retVal
+    return retVal, headers