Evasion – tamper scripts

Tamper scripts are used to evade simple filters and Web Application Firewalls (WAFs). They are a collection of built-in scripts that modify the injection vector used by SQLMap. There are cases where a WAF detects the injection vectors and blocks the whole process. The following table gives a brief description of various tamper scripts and their usage. The comprehensive table was compiled by Jake Rogers at http://www.forkbombers.com/, so the entire credit goes to him.

| Name | Description |
| --- | --- |
| apostrophemask.py | Replaces the apostrophe character with its UTF-8 full width counterpart. |
| apostrophenullencode.py | Replaces the apostrophe character with its illegal double unicode counterpart. |
| appendnullbyte.py | Appends the encoded ... |
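
Seen from the filter's side, the full-width substitution in the first row slips past a check that only matches the ASCII apostrophe. The following is an added example, not code from the book or from SQLMap: it canonicalizes a parameter before matching. The function names and sample values are constructed for illustration, the "naive" filter is an assumed simple rule, and the NUL-byte check is included as a related indicator.

```python
import unicodedata
from urllib.parse import unquote


def naive_filter(raw):
    """Assumed simple rule: percent-decode once, match the ASCII apostrophe."""
    return "'" in unquote(raw)


def inspect(raw):
    """Return the reasons a parameter string should be flagged, after canonicalizing it."""
    findings = []
    decoded = unquote(raw, encoding="utf-8", errors="replace")
    # An embedded NUL has no place in a query parameter; record it and strip it
    # so that later checks see the whole value.
    if "\x00" in decoded:
        findings.append("nul-byte")
        decoded = decoded.replace("\x00", "")
    # NFKC folds compatibility forms such as U+FF07 (full-width apostrophe)
    # to their ASCII equivalents.
    folded = unicodedata.normalize("NFKC", decoded)
    if "'" in folded and "'" not in decoded:
        findings.append("compat-apostrophe")
    if "'" in folded:
        findings.append("apostrophe")
    return findings


# Constructed sample parameter strings (not captured traffic).
SAMPLES = {
    "plain": "id=1%27",
    "fullwidth": "id=1%EF%BC%87",
    "nul_prefixed": "id=1%00%27",
    "benign": "id=42",
}


def report():
    """Map each sample to (naive verdict, canonicalized findings)."""
    return {name: (naive_filter(v), inspect(v)) for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, findings) in report().items():
        print(f"{name:13} naive={naive!s:5} findings={findings}")
```

The full-width sample is the one the naive rule misses. Canonicalizing before matching closes that gap, and the `compat-apostrophe` label is worth logging separately because legitimate clients rarely send it.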
