2017-10-10 22:59:01 +00:00
|
|
|
import string
|
|
|
|
|
|
|
|
|
|
from lib.core.settings import (
|
|
|
|
|
logger,
|
|
|
|
|
set_color
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
2017-10-31 18:17:33 +00:00
|
|
|
def tamper(payload, **kwargs):
|
|
|
|
|
warning = kwargs.get("warning", True)
|
|
|
|
|
|
2017-10-10 22:59:01 +00:00
|
|
|
if warning:
|
|
|
|
|
logger.warning(set_color(
|
|
|
|
|
"enclosing brackets is meant to be used as an obfuscation "
|
2017-12-07 13:27:20 +00:00
|
|
|
"against an already valid vulnerable site", level=30
|
2017-10-10 22:59:01 +00:00
|
|
|
))
|
|
|
|
|
|
|
|
|
|
to_enclose = string.digits
|
|
|
|
|
retval = ""
|
|
|
|
|
for char in payload:
|
|
|
|
|
if char in to_enclose:
|
|
|
|
|
char = "['{}']".format(char)
|
|
|
|
|
retval += char
|
|
|
|
|
else:
|
|
|
|
|
retval += char
|
|
|
|
|
return retval
|