Hi. In your case I would do this:
1) Decode original base64 value and give it to the sqlmap in decoded form (e.g. id=123 instead of original id=313233) 2) Use --tamper=base64encode Kind regards, Miroslav Stampar On Thu, Oct 30, 2014 at 1:15 PM, Konrads Smelkovs <konr...@smelkovs.com> wrote: > Hello, > > I am writing a small modification which would allow to tamper/decode > variables in the request? > As I understand that the parameters are decoded/parsed into a dict > after option.py:2323 (parseTargetDirect()), but where can I access the > full, parsed dict of the get/post/cookie values? > > (specifically I have a base64 encoded string as a parameter and to > insert the payload, the parameter must be base64-decoded, injected and > then encoded back) > > > -- > Konrads Smelkovs > Applied IT sorcery. > > > ------------------------------------------------------------------------------ > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar http://about.me/stamparm
------------------------------------------------------------------------------
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
