def perform_payload_modification(payload):
for encode_type in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
# Add single quotes.
if encode_type == 'singlequotes':
from src.core.tamper import singlequotes
payload = singlequotes.transform(payload)
# Add caret symbol.
elif encode_type == 'backslashes':
from src.core.tamper import backslashes
payload = backslashes.transform(payload)
# Add caret symbol.
elif encode_type == 'caret':
from src.core.tamper import caret
payload = caret.transform(payload)
# Transfomation to nested command
elif encode_type == 'nested':
from src.core.tamper import nested
payload = nested.transform(payload)
for encode_type in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
# Encode payload to hex format.
if encode_type == 'base64encode':
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Encode payload to hex format.
if encode_type == 'hexencode':
from src.core.tamper import hexencode
payload = hexencode.encode(payload)
return payload
def check_quotes(payload):
if payload.count("''") >= 10:
if not settings.TAMPER_SCRIPTS['singlequotes']:
if menu.options.tamper:
menu.options.tamper = menu.options.tamper + ",singlequotes"
else:
menu.options.tamper = "singlequotes"
from src.core.tamper import singlequotes
payload = singlequotes.transform(payload)
def perform_payload_modification(payload):
for encode_type in settings.MULTI_ENCODED_PAYLOAD[::-1]:
# Add single quotes.
if encode_type == 'singlequotes':
from src.core.tamper import singlequotes
payload = singlequotes.transform(payload)
for encode_type in settings.MULTI_ENCODED_PAYLOAD[::-1]:
# Encode payload to hex format.
if encode_type == 'base64encode':
from src.core.tamper import base64encode
payload = base64encode.encode(payload)
# Encode payload to hex format.
if encode_type == 'hexencode':
from src.core.tamper import hexencode
payload = hexencode.encode(payload)
return payload
def check_quotes(payload):
# Check for double quotes around of the generated payloads.
if payload.endswith("\""):
if not settings.TAMPER_SCRIPTS['nested']:
if menu.options.tamper:
menu.options.tamper = menu.options.tamper + ",nested"
else:
menu.options.tamper = "nested"
from src.core.tamper import nested
payload = nested.transform(payload)
# Check for (multiple) added quotes between the characters of the generated payloads.
if payload.count("''") >= 10:
if not settings.TAMPER_SCRIPTS['singlequotes']:
if menu.options.tamper:
menu.options.tamper = menu.options.tamper + ",singlequotes"
else:
menu.options.tamper = "singlequotes"
from src.core.tamper import singlequotes
payload = singlequotes.transform(payload)
