working on issue #12

bdamele · bdamele · commit d4922917446d · 2012-07-26T23:11:07.000+01:00
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -46,7 +46,7 @@ def payloadDirect(self, query):
 
         if kb.tamperFunctions:
             for function in kb.tamperFunctions:
-                query = function(query)
+                query, _ = function(payload=query, headers=None)
 
         return query
 
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -802,7 +802,7 @@ def __setTamperingFunctions():
             priority = PRIORITY.NORMAL if not hasattr(module, '__priority__') else module.__priority__
 
             for name, function in inspect.getmembers(module, inspect.isfunction):
-                if name == "tamper" and function.func_code.co_argcount == 1:
+                if name == "tamper" and function.func_code.co_argcount == 2:
                     found = True
                     kb.tamperFunctions.append(function)
 
@@ -829,7 +829,9 @@ def __setTamperingFunctions():
                     function()
 
             if not found:
-                raise sqlmapGenericException, "missing function 'tamper(value)' in tamper script '%s'" % tfile
+                errMsg = "missing function 'tamper(payload, headers)' "
+                errMsg += "in tamper script '%s'" % tfile
+                raise sqlmapGenericException, errMsg
 
         if resolve_priorities and priorities:
             priorities.sort(reverse=True)
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -550,7 +550,7 @@ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent
         if payload:
             if kb.tamperFunctions:
                 for function in kb.tamperFunctions:
-                    payload = function(payload)
+                    payload, auxHeaders = function(payload=payload, headers=auxHeaders)
 
                 value = agent.replacePayload(value, payload)
 
diff --git a/tamper/apostrophemask.py b/tamper/apostrophemask.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces apostrophe character with its UTF-8 full width counterpart
 
@@ -27,4 +27,4 @@ def tamper(payload):
         * http://lukasz.pilorz.net/testy/full_width_utf/index.phps
     """
 
-    return payload.replace('\'', "%EF%BC%87") if payload else payload
+    return payload.replace('\'', "%EF%BC%87") if payload else payload, headers
diff --git a/tamper/apostrophenullencode.py b/tamper/apostrophenullencode.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces apostrophe character with its illegal double unicode counterpart
 
@@ -21,4 +21,4 @@ def tamper(payload):
         * Output: AND %00%271%00%27=%00%271%00%27
     """
 
-    return payload.replace('\'', "%00%27") if payload else payload
+    return payload.replace('\'', "%00%27") if payload else payload, headers
diff --git a/tamper/appendnullbyte.py b/tamper/appendnullbyte.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends encoded NULL byte character at the end of payload
 
@@ -31,4 +31,4 @@ def tamper(payload):
     Reference: http://projects.webappsec.org/w/page/13246949/Null-Byte-Injection
     """
 
-    return "%s%%00" % payload if payload else payload
+    return "%s%%00" % payload if payload else payload, headers
diff --git a/tamper/base64encode.py b/tamper/base64encode.py
@@ -14,7 +14,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Base64 all characters in a given payload
 
@@ -23,4 +23,4 @@ def tamper(payload):
         * Output: MScgQU5EIFNMRUVQKDUpIw==
     """
 
-    return base64.b64encode(payload) if payload else payload
+    return base64.b64encode(payload) if payload else payload, headers
diff --git a/tamper/between.py b/tamper/between.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces greater than operator ('>') with 'NOT BETWEEN 0 AND #'
 
@@ -61,5 +61,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
-
+    return retVal, headers
diff --git a/tamper/chardoubleencode.py b/tamper/chardoubleencode.py
@@ -14,7 +14,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Double url-encodes all characters in a given payload (not processing
     already encoded)
@@ -43,4 +43,4 @@ def tamper(payload):
                 retVal += '%%25%.2X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/charencode.py b/tamper/charencode.py
@@ -14,7 +14,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Url-encodes all characters in a given payload (not processing already
     encoded)
@@ -50,4 +50,4 @@ def tamper(payload):
                 retVal += '%%%.2X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/charunicodeencode.py b/tamper/charunicodeencode.py
@@ -16,7 +16,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP or ASP.NET web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Unicode-url-encodes non-encoded characters in a given payload (not
     processing already encoded)
@@ -55,4 +55,4 @@ def tamper(payload):
                 retVal += '%%u%.4X' % ord(payload[i])
                 i += 1
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/equaltolike.py b/tamper/equaltolike.py
@@ -17,7 +17,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is unlikely to work against %s" % (os.path.basename(__file__).split(".")[0], DBMS.PGSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces all occurances of operator equal ('=') with operator 'LIKE'
 
@@ -47,4 +47,4 @@ def process(match):
     if payload:
         retVal = re.sub(r"\s*=\s*", lambda match: process(match), retVal)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/halfversionedmorekeywords.py b/tamper/halfversionedmorekeywords.py
@@ -21,7 +21,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s < 5.1" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds versioned MySQL comment before each keyword
 
@@ -55,4 +55,4 @@ def process(match):
         retVal = re.sub(r"(?<=\W)(?P<word>[A-Za-z_]+)(?=\W|\Z)", lambda match: process(match), retVal)
         retVal = retVal.replace(" /*!0", "/*!0")
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/ifnull2ifisnull.py b/tamper/ifnull2ifisnull.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces instances like 'IFNULL(A, B)' with 'IF(ISNULL(A), B, A)'
 
@@ -61,4 +61,4 @@ def tamper(payload):
             else:
                 break
 
-    return payload
+    return payload, headers
diff --git a/tamper/modsecurityversioned.py b/tamper/modsecurityversioned.py
@@ -13,7 +13,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Embraces complete query with versioned comment
 
@@ -43,4 +43,4 @@ def tamper(payload):
         if ' ' in payload:
             retVal = "%s /*!30%s%s*/%s" % (payload[:payload.find(' ')], randomInt(3), payload[payload.find(' ') + 1:], postfix)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/modsecurityzeroversioned.py b/tamper/modsecurityzeroversioned.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Embraces complete query with zero-versioned comment
 
@@ -42,4 +42,4 @@ def tamper(payload):
         if ' ' in payload:
             retVal = "%s /*!00000%s*/%s" % (payload[:payload.find(' ')], payload[payload.find(' ') + 1:], postfix)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/multiplespaces.py b/tamper/multiplespaces.py
@@ -16,7 +16,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds multiple spaces around SQL keywords
 
@@ -46,4 +46,4 @@ def tamper(payload):
             retVal = re.sub("(?<=\W)%s(?=[^A-Za-z_(]|\Z)" % word, "%s%s%s" % (' '*random.randrange(1,4), word, ' '*random.randrange(1,4)), retVal)
             retVal = re.sub("(?<=\W)%s(?=[(])" % word, "%s%s" % (' '*random.randrange(1,4), word), retVal)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/percentage.py b/tamper/percentage.py
@@ -16,7 +16,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against ASP web applications" % os.path.basename(__file__).split(".")[0])
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Adds a percentage sign ('%') infront of each character
 
@@ -51,4 +51,4 @@ def tamper(payload):
                 retVal += payload[i]
                 i += 1
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/randomcase.py b/tamper/randomcase.py
@@ -16,7 +16,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces each keyword character with random case value
 
@@ -50,4 +50,4 @@ def tamper(payload):
 
                 retVal = retVal.replace(word, _)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/randomcomments.py b/tamper/randomcomments.py
@@ -13,7 +13,7 @@
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Add random comments to SQL keywords
     Example: 'INSERT' becomes 'IN/**/S/**/ERT'
@@ -37,4 +37,4 @@ def tamper(payload):
                 _ += word[-1]
                 retVal = retVal.replace(word, _)
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/securesphere.py b/tamper/securesphere.py
@@ -14,7 +14,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends special crafted string
 
@@ -27,4 +27,4 @@ def tamper(payload):
         * Reference: http://seclists.org/fulldisclosure/2011/May/163
     """
 
-    return payload + " and '0having'='0having'" if payload else payload
+    return payload + " and '0having'='0having'" if payload else payload, headers
diff --git a/tamper/sp_password.py b/tamper/sp_password.py
@@ -9,7 +9,7 @@
 
 __priority__ = PRIORITY.HIGH
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Appends 'sp_password' to the end of the payload for automatic obfuscation from DBMS logs
 
@@ -30,4 +30,4 @@ def tamper(payload):
     if payload:
         retVal = "%s%ssp_password" % (payload, "-- " if not any(_ if _ in payload else None for _ in ('#', "-- ")) else "")
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/space2comment.py b/tamper/space2comment.py
@@ -12,7 +12,7 @@
 def dependencies():
     pass
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with comments '/**/'
 
@@ -55,5 +55,4 @@ def tamper(payload):
 
             retVal += payload[i]
 
-    return retVal
-
+    return retVal, headers
diff --git a/tamper/space2dash.py b/tamper/space2dash.py
@@ -12,7 +12,7 @@
 
 __priority__ = PRIORITY.LOW
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a dash comment ('--') followed by
     a random string and a new line ('\n')
@@ -46,4 +46,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/space2hash.py b/tamper/space2hash.py
@@ -18,7 +18,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')
@@ -52,4 +52,4 @@ def tamper(payload):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/space2morehash.py b/tamper/space2morehash.py
@@ -21,7 +21,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s > 5.1.13" % (os.path.basename(__file__).split(".")[0], DBMS.MYSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a pound character ('#') followed by
     a random string and a new line ('\n')
@@ -66,4 +66,4 @@ def process(match):
             else:
                 retVal += payload[i]
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/space2mssqlblank.py b/tamper/space2mssqlblank.py
@@ -17,7 +17,7 @@
 def dependencies():
     singleTimeWarnMessage("tamper script '%s' is only meant to be run against %s" % (os.path.basename(__file__).split(".")[0], DBMS.MSSQL))
 
-def tamper(payload):
+def tamper(payload, headers):
     """
     Replaces space character (' ') with a random blank character from a
     valid set of alternate characters
@@ -86,4 +86,4 @@ def tamper(payload):
                 
             retVal += payload[i]
 
-    return retVal
+    return retVal, headers
diff --git a/tamper/space2mssqlhash.py b/tamper/space2mssqlhash.py
diff --git a/tamper/space2mysqlblank.py b/tamper/space2mysqlblank.py
diff --git a/tamper/space2mysqldash.py b/tamper/space2mysqldash.py
diff --git a/tamper/space2plus.py b/tamper/space2plus.py
diff --git a/tamper/space2randomblank.py b/tamper/space2randomblank.py
diff --git a/tamper/unionalltounion.py b/tamper/unionalltounion.py
diff --git a/tamper/unmagicquotes.py b/tamper/unmagicquotes.py
diff --git a/tamper/versionedkeywords.py b/tamper/versionedkeywords.py
diff --git a/tamper/versionedmorekeywords.py b/tamper/versionedmorekeywords.py
