cutaway · June 12, 2015 22:19
diff --git a/cookie_parameters.py b/cookie_parameters.py
 #!/usr/bin/env python

 """
 Name:    cookie_parameters.py
 Purpose: An SQLMAP tamper script to handle Cookie GLOBS
 Date:    20150612
 Author:  Don C. Weber (@cutaway) of InGuardians, Inc.
 """

 from lib.core.enums import PRIORITY

 __priority__ = PRIORITY.LOWEST

 DEBUG = False

 def dependencies():
    pass

 def tamper(payload, **kwargs):
    """
    Cookie value has a blog of internal parameters to be tested.

    cookie_name=var0=0&var1=&var2=string&var3=int

    cookie_data: the default cookie value to test. DO NOT include the cookie name as it 
        should be used passed to SQLMAP using the -p command.
    param: the value to be tested
    
    Example:
    cutaway$ ./sqlmap.py -u 'https://testsite.com:443/' --cookie=‘cookie_name=var0=0&var1=&var2=string&var3=int' \
        -p cookie_name --level=2 --tamper=“tamper/cookie_parameters.py" --dbms 'Microsoft SQL Server’
    """

    # Original Cookie GLOB - to be updated with the appropriate cookie from a valid request
    cookie_data = 'var0=0&var1=&var2=string&var3=int'

    # Define which internal cookie parameter to test
    mod_param = 'var0'
    #mod_param = 'var1'
    #mod_param = 'var2'
    #mod_param = 'var3'

    # NOTE: SQLMAP will attempt to merge cookie updates. This tamper script cannot handle these updates. 
    #       Be aware this might negatively impact the session or requests.
    # Example of the SQLMAP message. Select "n" when prompted
    #
    # you provided a HTTP Cookie header value. The target URL provided its own cookies within the \
    #     HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] n
    #
    # Test and cleanup payload because SQLMAP tries to use the original cookie value when building the payload.
    payload = payload.replace(cookie_data,'')

    # Split GLOB, locate parameter, update it's value
    tmp = cookie_data.split("&")
    for e in range(len(tmp)):
        invar = tmp[e].split('=')
        if invar[0] == mod_param:
            invar[1] = payload
            tmp[e] = '='.join(invar)
            break

    # Pull new payload together and return for sending
    # NOTE: SQLMAP handles URL Encoding all commas, spaces, and semicolons
    if DEBUG: print
    if DEBUG: print "DEBUG COOKIE GLOB:",'&'.join(tmp)
    if DEBUG: print
    return '&'.join(tmp)
	#!/usr/bin/env python

	"""
	Name: cookie_parameters.py
	Purpose: An SQLMAP tamper script to handle Cookie GLOBS
	Date: 20150612
	Author: Don C. Weber (@cutaway) of InGuardians, Inc.
	"""

	from lib.core.enums import PRIORITY

	__priority__ = PRIORITY.LOWEST

	DEBUG = False

	def dependencies():
	pass

	def tamper(payload, **kwargs):
	"""
	Cookie value has a blog of internal parameters to be tested.

	cookie_name=var0=0&var1=&var2=string&var3=int

	cookie_data: the default cookie value to test. DO NOT include the cookie name as it
	should be used passed to SQLMAP using the -p command.
	param: the value to be tested

	Example:
	cutaway$ ./sqlmap.py -u 'https://testsite.com:443/' --cookie=‘cookie_name=var0=0&var1=&var2=string&var3=int' \
	-p cookie_name --level=2 --tamper=“tamper/cookie_parameters.py" --dbms 'Microsoft SQL Server’
	"""

	# Original Cookie GLOB - to be updated with the appropriate cookie from a valid request
	cookie_data = 'var0=0&var1=&var2=string&var3=int'

	# Define which internal cookie parameter to test
	mod_param = 'var0'
	#mod_param = 'var1'
	#mod_param = 'var2'
	#mod_param = 'var3'

	# NOTE: SQLMAP will attempt to merge cookie updates. This tamper script cannot handle these updates.
	# Be aware this might negatively impact the session or requests.
	# Example of the SQLMAP message. Select "n" when prompted
	#
	# you provided a HTTP Cookie header value. The target URL provided its own cookies within the \
	# HTTP Set-Cookie header which intersect with yours. Do you want to merge them in futher requests? [Y/n] n
	#
	# Test and cleanup payload because SQLMAP tries to use the original cookie value when building the payload.
	payload = payload.replace(cookie_data,'')

	# Split GLOB, locate parameter, update it's value
	tmp = cookie_data.split("&")
	for e in range(len(tmp)):
	invar = tmp[e].split('=')
	if invar[0] == mod_param:
	invar[1] = payload
	tmp[e] = '='.join(invar)
	break

	# Pull new payload together and return for sending
	# NOTE: SQLMAP handles URL Encoding all commas, spaces, and semicolons
	if DEBUG: print
	if DEBUG: print "DEBUG COOKIE GLOB:",'&'.join(tmp)
	if DEBUG: print
	return '&'.join(tmp)