SQLi Query Tampering
Sqlmap is a great automated tool for SQL vulnerabilities, but it can be a little noisy when you perform pentesting or bug hunting! One of the cool parts of Sqlmap is tampering. Tampering gives us some functions/techniques to evade filters and WAFs.
SQLi Query Tampering gives you the flexibility of manual testing with many powerful evasion techniques. This extension has two parts:
- You are able to add your customized payloads
- All evasion techniques grouped by DBMS type
- Tampered payloads can be used as a Generator in Intruder or saved to clipboard/file
- You have the ability to choose one of the tamper techniques as your processor
- The processor can be added as a Payload Processor
- You can add your payloads and tamper them based on the selected technique. Write one payload per line.
- All tampered queries (in Generator/Processor) are returned URL-encoded
- You can add a decode rule in Payload Processing section if you need URL-decoded payloads
Last updated: 03 September 2020
You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.
You can view the source code for this BApp by visiting our GitHub page.
Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.