├── README.md
└── jsonescape.py


/README.md:
--------------------------------------------------------------------------------
1 | # json_escape
2 | sqlmap tamper script for unicode escape inside json
3 | 
4 | https://zonksec.com/blog/bypassing-wafs-with-json-unicode-escape-sequences/
5 | 


--------------------------------------------------------------------------------
/jsonescape.py:
--------------------------------------------------------------------------------
 1 | from lib.core.enums import PRIORITY
 2 | __priority__ = PRIORITY.NORMAL
 3 | 
 4 | 
 5 | def tamper(payload, **kwargs):
 6 |    line = payload.encode("hex")
 7 |    n=2
 8 |    groups = [line[i:i+n] for i in range(0, len(line), n)]
 9 |    full = ''
10 |    for x in groups:
11 |        full = full + "\u00" + x
12 |    retVal = full
13 | 
14 |    return retVal


--------------------------------------------------------------------------------