SQLmap and tamper
Easy · 10 min
Many websites protect themselves from SQL injection using WAFs (Web Application Firewalls) or other filters. They prevent direct attacks, but often with very simple logic (for example, blocking the word UNION). The --tamper feature of SQLmap helps to bypass these protections.
How does --tamper work?
--tamper scripts modify the requests sent by SQLmap so that they appear different but still function correctly.
- For example, space2comment replaces spaces with SQL comments (/**/).
- randomcase writes commands with random letter casing (UnIoN SeLeCt).
- charunicodeencode converts characters into Unicode format.
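Seen from the filter's side, the three transformations above defeat a literal keyword match but not one that canonicalizes the input first. The following is an added example, not part of the original course material: the filter functions, the UNION SELECT pattern and the sample values are constructed for illustration, and the %uXXXX form is the encoding charunicodeencode is assumed to produce.

```python
import re
from urllib.parse import unquote

# "Very simple logic": a case-sensitive literal match, as a naive filter might do.
NAIVE = re.compile(r"\bUNION\s+SELECT\b")
# The same rule, applied only after canonicalization.
CANONICAL = re.compile(r"\bunion\s+select\b")


def naive_filter(value: str) -> bool:
    """Return True when the naive rule would block the value."""
    return bool(NAIVE.search(value))


def canonicalize(value: str) -> str:
    """Undo the three transformations before any keyword matching."""
    # charunicodeencode: %uXXXX sequences back to characters (assumed format).
    value = re.sub(r"%u([0-9a-fA-F]{4})",
                   lambda m: chr(int(m.group(1), 16)), value)
    value = unquote(value)                             # ordinary %XX encoding
    # space2comment: an inline comment acts as whitespace for the SQL parser.
    value = re.sub(r"/\*.*?\*/", " ", value, flags=re.S)
    value = re.sub(r"\s+", " ", value)                 # collapse whitespace runs
    return value.casefold()                            # randomcase: fold case


def normalized_filter(value: str) -> bool:
    """Return True when the rule matches the canonical form of the value."""
    return bool(CANONICAL.search(canonicalize(value)))


BASE = "1 UNION SELECT 1,2"  # constructed sample value
SAMPLES = {
    "plain": BASE,
    "randomcase": "1 UnIoN SeLeCt 1,2",
    "space2comment": BASE.replace(" ", "/**/"),
    "charunicodeencode": "".join("%%u%04X" % ord(c) for c in BASE),
    "benign": "credit union opening hours",
}


def evaluate() -> dict:
    """Map each sample name to (naive verdict, normalized verdict)."""
    return {name: (naive_filter(v), normalized_filter(v))
            for name, v in SAMPLES.items()}


if __name__ == "__main__":
    for name, (naive, norm) in evaluate().items():
        print(f"{name:18} naive={naive!s:5} normalized={norm}")
```

Canonicalization only makes the filter harder to sidestep; parameterized queries in the application remove the injection point itself.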