Hex Entity Encoding in SQLmap

Question

I am using SQLmap and want to hex-entity-encode the input before SQLmap sends it to the server.

For example, hex-entity-encoding of "abc" should return abc

I know that I should use a python tamper script which should hex-entity-encode the given input. But I don't know how I could hex-entity-encode data in Python.

May someone can help?

score 0 · Answer 1 · answered Nov 15 '22 at 11:38

Apply formatted string literals (also called f-strings for short) e.g. as follows:

a_string = 'abc Trường An Tô Nguyễn'
''.join([f'&#x{ord(ch):x};' for ch in a_string])
# '&#x61;&#x62;&#x63;&#x20;&#x54;&#x72;&#x1b0;&#x1edd;&#x6e;&#x67;&#x20;&#x41;&#x6e;&#x20;&#x54;&#xf4;&#x20;&#x4e;&#x67;&#x75;&#x79;&#x1ec5;&#x6e;'

or e.g. (see Format Specification Mini-Language)

''.join([f'&#x{ord(ch):04x};' for ch in a_string])
#'&#x0061;&#x0062;&#x0063;&#x0020;&#x0054;&#x0072;&#x01b0;&#x1edd;&#x006e;&#x0067;&#x0020;&#x0041;&#x006e;&#x0020;&#x0054;&#x00f4;&#x0020;&#x004e;&#x0067;&#x0075;&#x0079;&#x1ec5;&#x006e;'

Hex Entity Encoding in SQLmap

1 Answers1