1. Support Center
  2. BApp Store
  3. SQLi Query Tampering
Professional Community

SQLi Query Tampering

Sqlmap is a great automated tool for SQL vulnerabilities but it can be a little noisy when you perform pentesting or bug hunting! One of the cool part of Sqlmap is Tampering. Tampering gives us some functions/techniques to evade filters and WAF's.

SQLi Query Tampering gives you the flexibility of manual testing with many powerful evasion techniques. This extension has two part:

  1. Generator:
    • You are able to add your customized payloads
    • All evasion techniques grouped by DBMS type
    • Tampered payloads can be used as a Generator in Intruder or saved to clipboard/file
  2. Processor:
    • You have the ability to choose on of the tamper techniques as your processor
    • The processor can be added as a Payload Processor
    • You can add your payloads and tamper them based on the selected technique. Write one payload per line.

Usage notes:

  • All Tampered Queries (in Generator/Processor) returned in URL-Encoded
  • You can add a decode rule in Payload Processing section if you need URL-decoded payloads
Author Hamid Rezaei
Version 1.3
Last updated 03 September 2020

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for this BApp by visiting our GitHub page.
Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.
Download BApp

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore