From dd240375e3ca1882e9b213b95bfa5a596d1830b7 Mon Sep 17 00:00:00 2001
From: noamiscool
Date: Tue, 13 Dec 2022 10:38:00 +0000
Subject: [PATCH] Added generic JSON WAF bypass
---
 doc/THANKS.md | 3 +++
 tamper/json_waf_bypass_mysql.py | 10 ++++------
 tamper/json_waf_bypass_postgres.py | 12 ++++++------
 tamper/json_waf_bypass_sqlite.py | 10 +++++-----
 4 files changed, 18 insertions(+), 17 deletions(-)
diff --git a/doc/THANKS.md b/doc/THANKS.md
index dc49071a9..fdbabaf57 100644
--- a/doc/THANKS.md
+++ b/doc/THANKS.md
@@ -789,6 +789,9 @@ x,
 zhouhx,
 * for contributing a minor patch
+Noam Moshe Claroty Team82
+* for contributing WAF scripts json_waf_bypass_postgres.py, json_waf_bypass_sqlite.py, json_waf_bypass_mysql.py
+
 # Organizations
 Black Hat team,
diff --git a/tamper/json_waf_bypass_mysql.py b/tamper/json_waf_bypass_mysql.py
index 24fef8131..e2b15d4dc 100644
--- a/tamper/json_waf_bypass_mysql.py
+++ b/tamper/json_waf_bypass_mysql.py
@@ -95,13 +95,8 @@ def generate_random_payload():
 def tamper(payload, **kwargs):
 """
- This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
- WAF bypass, read our blog:
- https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
- Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022
- https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
-
+ Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in MySQL -
 https://dev.mysql.com/doc/refman/5.7/en/json-function-reference.html
 Tested against:
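Review bot: The rewritten summary line `Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in MySQL -` links the 5.7 function reference, but nothing in the visible docstring states that the native JSON functions the script depends on exist only from MySQL 5.7.8, so against an older target the tampered payloads fail with syntax errors rather than bypassing anything. Unless a `Requirement:` section already follows the `Tested against:` line outside the hunk, add one: `Requirement:` / `* MySQL >= 5.7.8 (native JSON type and functions)`. The `tamper()` body continues past the end of the hunk.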
@@ -111,6 +106,9 @@ def tamper(payload, **kwargs):
 python3 sqlmap.py --tamper json_waf_bypass_mysql.py
 Notes:
+ * References:
+ * https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
+ * https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
 * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
 * JSON techniques were tested againts the following WAF vendors:
 * Amazon AWS ELB
diff --git a/tamper/json_waf_bypass_postgres.py b/tamper/json_waf_bypass_postgres.py
index 0a735fe3f..bc368ebfd 100644
--- a/tamper/json_waf_bypass_postgres.py
+++ b/tamper/json_waf_bypass_postgres.py
@@ -140,12 +140,8 @@ def generate_random_payload():
 def tamper(payload, **kwargs):
 """
- This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
- WAF bypass, read our blog:
- https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
-
- Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022
- https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
+
+ Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in PostgreSQL -
 https://www.postgresql.org/docs/9.3/functions-json.html
@@ -156,6 +152,10 @@ def tamper(payload, **kwargs):
 python3 sqlmap.py --tamper json_waf_bypass_postgres.py
 Notes:
+
+ * References:
+ * https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
+ * https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
 * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
 * JSON techniques were tested againts the following WAF vendors:
 * Amazon AWS ELB
diff --git a/tamper/json_waf_bypass_sqlite.py b/tamper/json_waf_bypass_sqlite.py
index ffbab5895..ce0c4507e 100644
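Review bot: The two URLs are added as a `* References:` bullet nested inside the `Notes:` list, so they read as one more note rather than as the script's references; if the repository's other tamper docstrings use a top-level `Reference:` heading alongside `Tested against:` and `Notes:` (to be confirmed, the headings are outside this hunk), the new lines fit better as `Reference:` followed by the two URLs as its items. The Black Hat schedule anchor (`#js-on-security-off-abusing-json-based-sql-queries-28774`) is the kind of link that stops resolving once the conference page is archived, so naming the talk on that line would keep the reference usable. `tamper()` starts before and ends after this hunk.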
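Review bot: The lone `+` directly after the opening `"""` inserts an empty line before the new summary `Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in PostgreSQL -`; PEP 257 puts the summary on the line right after the quotes, and the MySQL hunk of this same commit adds no such blank, so drop it. The linked 9.3 manual covers only the original `json` operators; if generate_random_payload() (outside this hunk) emits `jsonb` operators such as `@>` or `?`, the real floor is PostgreSQL 9.4 and a `Requirement:` line should state it — worth confirming against the generator. The `tamper()` body continues past the end of the hunk.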
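Review bot: The `+` empty line inserted between `Notes:` and `* References:` has no counterpart in the MySQL hunk of this commit, so the sibling scripts now format the same section differently; remove the blank so `* References:` directly follows `Notes:` as in json_waf_bypass_mysql.py. `tamper()` starts before and ends after this hunk.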
--- a/tamper/json_waf_bypass_sqlite.py
+++ b/tamper/json_waf_bypass_sqlite.py
@@ -112,12 +112,8 @@ def generate_random_payload():
 def tamper(payload, **kwargs):
 """
- This SQLMap tamper script was written by Noam Moshe of Claroty Team82. To read more about this novel
- WAF bypass, read our blog:
- https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
- Bypasses generic WAFs using JSON SQL Syntax. For more details, see our talk in BH EU 2022
- https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
+ Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in SQLite -
 https://www.sqlite.org/json1.html
@@ -128,6 +124,10 @@ def tamper(payload, **kwargs):
 python3 sqlmap.py --tamper json_waf_bypass_sqlite.py
 Notes:
+
+ * References:
+ * https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
+ * https://www.blackhat.com/eu-22/briefings/schedule/#js-on-security-off-abusing-json-based-sql-queries-28774
 * Usefull for bypassing any JSON-unaware WAFs with minor-to-no adjusments
 * JSON techniques were tested againts the following WAF vendors:
 * Amazon AWS ELB
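Review bot: The new summary `Bypasses generic WAFs using JSON SQL Syntax. For more details about JSON in SQLite -` points at the json1 page without noting that JSON support was a compile-time extension (JSON1, SQLite 3.9+) until it became built-in in 3.38.0, so a target linked against a build without it answers `no such function` and the tamper silently produces nothing useful. Unless a `Requirement:` section exists below the visible lines, add `Requirement:` / `* SQLite >= 3.9 built with JSON1 (built in since 3.38.0)`. The `tamper()` body continues past the end of the hunk.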
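Review bot: The added empty line after `Notes:` (the lone `+` before `* References:`) differs from the MySQL hunk in this commit, which adds the same three reference lines without it; keep the three scripts aligned by removing the blank. `tamper()` starts before and ends after this hunk.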