sqlmap tamper编写

#!/usr/bin/env python

"""
Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/)
See the file 'doc/COPYING' for copying permission
"""

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.LOW

def dependencies():
    pass

def tamper(payload, **kwargs):
    payload = payload.replace('UNION','/*8888888888888UNION')
    print kwargs
    return payload

 

说明:

tamper 就是 sqlmap 注入的 payload

kwargs 是一些header 信息