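# Repository files: README.md, jsonescape.py
#
# README.md
#   json_escape
#   sqlmap tamper script for unicode escape inside json
#   https://zonksec.com/blog/bypassing-wafs-with-json-unicode-escape-sequences/
#
# jsonescape.py

from lib.core.enums import PRIORITY

__priority__ = PRIORITY.NORMAL


def tamper(payload, **kwargs):
    r"""Rewrite every character of *payload* as a JSON ``\uXXXX`` escape.

    A JSON parser decodes the result back to the original text, so the
    output is only meaningful inside a JSON string value.  A filter that
    matches on the raw request body sees only escape sequences, which is
    why request inspection should run on the parsed JSON values rather
    than on the undecoded body.

    Each unit is written as four lowercase hex digits.  Code points above
    U+FFFF are written as a UTF-16 surrogate pair, as JSON requires.
    Iterating a Python 2 byte string yields single bytes, so ASCII input
    produces the same ``\u00XX`` output as the earlier hex-codec version.

    Args:
        payload: Text to escape.  ``None`` and the empty string are
            returned unchanged.
        **kwargs: Accepted for the sqlmap tamper interface; not used.

    Returns:
        The escaped string, or *payload* itself when it is empty.

    >>> tamper("1")
    '\\u0031'
    """
    retVal = payload

    # The earlier body relied on str.encode("hex") and the literal "\u00".
    # The first is gone in Python 3 and the second is a syntax error there,
    # so the escape is now built from the code point of each character.
    if payload:
        escaped = []
        for char in payload:
            code = ord(char)
            if code > 0xFFFF:
                # Outside the Basic Multilingual Plane: split into a
                # high/low surrogate pair.
                code -= 0x10000
                escaped.append("\\u%04x" % (0xD800 + (code >> 10)))
                escaped.append("\\u%04x" % (0xDC00 + (code & 0x3FF)))
            else:
                escaped.append("\\u%04x" % code)
        retVal = "".join(escaped)

    return retVal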