HAKATEMIA

SQLmap and tamper

Easy · 10 min

Many websites protect themselves against SQL injection with a WAF (Web Application Firewall) or other input filter. These stop straightforward attacks, but often rely on very simple logic (for example, blocking any request containing the word UNION). SQLmap's --tamper option exists to get past such filters.

How does --tamper work?

--tamper scripts rewrite the requests SQLmap sends so that the payload looks different to the filter while still executing the same SQL on the database.

  • For example, space2comment replaces spaces with SQL comments (/**/).
  • randomcase writes commands with random letter casing (UnIoN SeLeCt).
  • charunicodeencode converts characters into Unicode format.
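An added example, not part of the course and not sqlmap's own tamper code: a small Python re-implementation of the space2comment and randomcase ideas above, run against a constructed payload through the kind of simple filter the page describes (assumed here to be a case-sensitive match on the literal phrase "UNION SELECT") and through a filter that strips comments and normalizes whitespace and case before matching. It shows why a keyword filter must normalize its input to hold up, and why such filters are a second line of defence behind parameterized queries rather than a replacement for them.

```python
import random
import re

# Constructed sample payload (not from the page): the kind of UNION-based
# probe a keyword-blocking filter is meant to stop.
PAYLOAD = "1 UNION SELECT username, password FROM users"

def space2comment(payload: str) -> str:
    """Re-implements the idea of sqlmap's space2comment tamper: each space
    becomes an empty SQL comment, which the database treats as whitespace."""
    return payload.replace(" ", "/**/")

def randomcase(payload: str, rng: random.Random) -> str:
    """Re-implements the idea of sqlmap's randomcase tamper: every letter is
    re-cased at random. SQL keywords are case-insensitive, so it still runs."""
    return "".join(
        rng.choice((ch.lower(), ch.upper())) if ch.isalpha() else ch
        for ch in payload
    )

def naive_filter_blocks(payload: str) -> bool:
    """The simple filter logic the page describes (assumed form): a literal,
    case-sensitive match on the phrase 'UNION SELECT'."""
    return "UNION SELECT" in payload

def normalizing_filter_blocks(payload: str) -> bool:
    """A sturdier check: strip /* */ comments, collapse whitespace, then match
    the keywords case-insensitively. Catches both tampers above."""
    cleaned = re.sub(r"/\*.*?\*/", " ", payload, flags=re.S)
    cleaned = re.sub(r"\s+", " ", cleaned)
    return re.search(r"\bunion\s+select\b", cleaned, flags=re.I) is not None

def compare_filters(payload: str) -> dict:
    """Return, per variant, (naive_blocks, normalizing_blocks)."""
    variants = {
        "raw": payload,
        "space2comment": space2comment(payload),
        "randomcase": randomcase(payload, random.Random(1)),  # seeded for repeatability
    }
    return {
        name: (naive_filter_blocks(v), normalizing_filter_blocks(v))
        for name, v in variants.items()
    }

if __name__ == "__main__":
    for name, (naive, normalized) in compare_filters(PAYLOAD).items():
        print(f"{name:14s} naive_blocks={naive}  normalizing_blocks={normalized}")
```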