- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,456
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
SQLi Query Tampering extends and adds custom Payload Generator/Processor in Burp Suite’s Intruder.
Advantages and Benefits
Sqlmap is a great automated tool for SQL vulnerabilities but it can be a little noisy when you perform pentesting or bug hunting! One of the cool parts of Sqlmap is Tampering. Tampering gives us some functions/techniques to evade filters and WAF’s.
SQLi Query Tampering gives you the flexibility of manual testing with many powerful evasion techniques. This extension has two-part:
Generator:
You are able to add your customized payloads
All evasion techniques grouped by DBMS type
Tampered payloads can be used as a Generator in Intruder or saved to clipboard/file