sqlmap绕过WAF的思路总结
1、设置请求头
--user-agent="Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0"2、设置代理
--proxy=http://127.0.0.1:80803、设置延迟
--delay=14、利用--tamper参数中的编码脚本
普通tamper搭配方式:
tamper=apostrophemask,apostrophenullencode,base64encode,between,chardoubleencode,charencode,charunicodeencode,equaltolike,greatest,ifnull2ifisnull,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2plus,space2randomblank,unionalltounion,unmagicquotesMSSQL的搭配方式:
tamper=between,charencode,charunicodeencode,equaltolike,greatest,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,sp_password,space2comment,space2dash,space2mssqlblank,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotesMySql的搭配方式:
tamper=between,bluecoat,charencode,charunicodeencode,concat2concatws,equaltolike,greatest,halfversionedmorekeywords,ifnull2ifisnull,modsecurityversioned,modsecurityzeroversioned,multiplespaces,nonrecursivereplacement,percentage,randomcase,securesphere,space2comment,space2hash,space2morehash,space2mysqldash,space2plus,space2randomblank,unionalltounion,unmagicquotes,versionedkeywords,versionedmorekeywords,xforwardedfor5、编写中转脚本
参考文章:https://mp.weixin.qq.com/s?__biz=MzAwMjA5OTY5Ng==&mid=2247499382&idx=1&sn=d3d84ba483f2ad0fd690f3d81d463ee7&chksm=9acd2ee9adbaa7ffa44053ac1c3d8e6c62ef3f65f3757d5c29193e894d4ad2e1775d53109336&cur_album_id=1841592383340101635&scene=189#wechat_redirect
浙公网安备 33010602011771号