Exemplo n.º 1
def check_quotes(payload):
  """Pass a quote-laden payload through the matching quote tamper modules.

  Three checks run in order, each on the payload left by the previous one:
  a trailing double quote selects ``nested``, ten or more double quotes
  select ``doublequotes``, and ten or more ``''`` pairs select
  ``singlequotes``. A selected module is added to ``menu.options.tamper``
  when ``settings.TAMPER_SCRIPTS`` does not already mark it, and its
  ``tamper()`` is then called on the payload.

  There is no ``return`` statement: callers get ``None`` and the rewritten
  payload stays local.
  NOTE(review): presumably the tamper modules record their effect in shared
  settings -- confirm against src.core.tamper before relying on this.
  """
  def _register(script_name):
    # Keep menu.options.tamper a comma-separated list; skip names that
    # settings.TAMPER_SCRIPTS already flags.
    if settings.TAMPER_SCRIPTS[script_name]:
      return
    selected = menu.options.tamper
    menu.options.tamper = (selected + "," + script_name) if selected else script_name

  # A payload that ends with a double quote is handed to the nested module.
  ends_with_double_quote = payload.endswith("\"")
  if ends_with_double_quote:
    # Register before importing: the flag is read ahead of the module load,
    # as in the original statement order.
    _register("nested")
    from src.core.tamper import nested
    payload = nested.tamper(payload)

  # Ten or more double quotes scattered through the payload.
  double_quote_total = payload.count("\"")
  if double_quote_total >= 10:
    _register("doublequotes")
    from src.core.tamper import doublequotes
    payload = doublequotes.tamper(payload)

  # Ten or more pairs of adjacent single quotes ('') in the payload.
  single_quote_pairs = payload.count("''")
  if single_quote_pairs >= 10:
    _register("singlequotes")
    from src.core.tamper import singlequotes
    payload = singlequotes.tamper(payload)
Exemplo n.º 2
def perform_payload_modification(payload):
  """Apply each tamper module named in ``settings.MULTI_ENCODED_PAYLOAD``.

  Two passes run over the de-duplicated names. The first applies the
  rewriting modules (sleep2timeout, sleep2usleep, doublequotes,
  singlequotes, backslashes, caret, nested, dollaratsigns). The second
  applies base64encode and hexencode, so the encoders always run after the
  rewriting modules. A name that matches no branch is skipped.

  Because rewriting layers and an encoding layer can stack on one payload,
  an input filter has to decode and normalise before it matches on command
  text.

  Returns the payload after both passes.
  """
  # NOTE(review): set() discards ordering, so the [::-1] reversal does not
  # determine the order in which modules run inside a pass; with string hash
  # randomisation that order can differ between interpreter runs.
  for step in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
    if step == 'sleep2timeout':
      # sleep to timeout
      from src.core.tamper import sleep2timeout as chosen
    elif step == 'sleep2usleep':
      # sleep to usleep
      from src.core.tamper import sleep2usleep as chosen
    elif step == 'doublequotes':
      # Add double-quotes.
      from src.core.tamper import doublequotes as chosen
    elif step == 'singlequotes':
      # Add single-quotes.
      from src.core.tamper import singlequotes as chosen
    elif step == 'backslashes':
      # Add backslashes.
      from src.core.tamper import backslashes as chosen
    elif step == 'caret':
      # Add caret symbol.
      from src.core.tamper import caret as chosen
    elif step == 'nested':
      # Transformation to nested command.
      from src.core.tamper import nested as chosen
    elif step == 'dollaratsigns':
      # Add dollar sign followed by an at-sign.
      from src.core.tamper import dollaratsigns as chosen
    else:
      # Encoders and unknown names are not handled in this pass.
      continue
    payload = chosen.tamper(payload)

  # The setting is read again rather than reusing the first pass's list,
  # exactly as the original does, in case the first pass changed it.
  for step in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
    if step == 'base64encode':
      # Encode payload to base64 format.
      from src.core.tamper import base64encode as chosen
    elif step == 'hexencode':
      # Encode payload to hex format.
      from src.core.tamper import hexencode as chosen
    else:
      continue
    payload = chosen.tamper(payload)

  return payload
Exemplo n.º 3
def perform_payload_modification(payload):
  """Apply each tamper module named in ``settings.MULTI_ENCODED_PAYLOAD``.

  Two passes run over the de-duplicated names. The first applies the
  rewriting modules (sleep2timeout, sleep2usleep, singlequotes,
  backslashes, caret, nested, dollaratsigns). The second applies
  base64encode and hexencode, so the encoders always run after the
  rewriting modules. A name that matches no branch is skipped.

  Because rewriting layers and an encoding layer can stack on one payload,
  an input filter has to decode and normalise before it matches on command
  text.

  Returns the payload after both passes.
  """
  # NOTE(review): set() discards ordering, so the [::-1] reversal does not
  # determine the order in which modules run inside a pass; with string hash
  # randomisation that order can differ between interpreter runs.
  for step in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
    if step == 'sleep2timeout':
      # sleep to timeout
      from src.core.tamper import sleep2timeout as chosen
    elif step == 'sleep2usleep':
      # sleep to usleep
      from src.core.tamper import sleep2usleep as chosen
    elif step == 'singlequotes':
      # Add single quotes.
      from src.core.tamper import singlequotes as chosen
    elif step == 'backslashes':
      # Add backslashes.
      from src.core.tamper import backslashes as chosen
    elif step == 'caret':
      # Add caret symbol.
      from src.core.tamper import caret as chosen
    elif step == 'nested':
      # Transformation to nested command.
      from src.core.tamper import nested as chosen
    elif step == 'dollaratsigns':
      # Add dollar sign followed by an at-sign.
      from src.core.tamper import dollaratsigns as chosen
    else:
      # Encoders and unknown names are not handled in this pass.
      continue
    payload = chosen.tamper(payload)

  # The setting is read again rather than reusing the first pass's list,
  # exactly as the original does, in case the first pass changed it.
  for step in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
    if step == 'base64encode':
      # Encode payload to base64 format.
      from src.core.tamper import base64encode as chosen
    elif step == 'hexencode':
      # Encode payload to hex format.
      from src.core.tamper import hexencode as chosen
    else:
      continue
    payload = chosen.tamper(payload)

  return payload
Exemplo n.º 4
def check_quotes(payload):
  """Pass a quote-laden payload through the matching quote tamper modules.

  Two checks run in order, the second on the payload left by the first: a
  trailing double quote selects ``nested``, and ten or more ``''`` pairs
  select ``singlequotes``. A selected module is added to
  ``menu.options.tamper`` when ``settings.TAMPER_SCRIPTS`` does not already
  mark it, and its ``tamper()`` is then called on the payload.

  There is no ``return`` statement: callers get ``None`` and the rewritten
  payload stays local.
  NOTE(review): presumably the tamper modules record their effect in shared
  settings -- confirm against src.core.tamper before relying on this.
  """
  def _register(script_name):
    # Keep menu.options.tamper a comma-separated list; skip names that
    # settings.TAMPER_SCRIPTS already flags.
    if settings.TAMPER_SCRIPTS[script_name]:
      return
    selected = menu.options.tamper
    menu.options.tamper = (selected + "," + script_name) if selected else script_name

  # A payload that ends with a double quote is handed to the nested module.
  ends_with_double_quote = payload.endswith("\"")
  if ends_with_double_quote:
    # Register before importing: the flag is read ahead of the module load,
    # as in the original statement order.
    _register("nested")
    from src.core.tamper import nested
    payload = nested.tamper(payload)

  # Ten or more pairs of adjacent single quotes ('') in the payload.
  single_quote_pairs = payload.count("''")
  if single_quote_pairs >= 10:
    _register("singlequotes")
    from src.core.tamper import singlequotes
    payload = singlequotes.tamper(payload)