
What is the bulk injection plug-in built by combining Burp Suite with SQLMapAPI?

2025-02-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)05/31 Report--

This article describes in detail the batch injection plug-in built by combining Burp Suite with SQLMapAPI. Interested readers can use it for reference. I hope it will be helpful to you.

1.1 changes:

Add filter settings

Optimize the display of results

Add operation prompt messages

Add regular matching of domain names

The whole plug-in is divided into three panels: task panel, sqlmapapi parameter configuration panel, filter conditions panel.

Task panel

Server: IP and port of the SQLmapapi service

THREAD: number of tasks detected at the same time

Domain: domain name to be detected. Regular matching is supported.

CLEAN: clear task cache list

TEST: test whether the connection to SQLmapapi is successful

START: start detection

The task list and task status are at the bottom left. The information prompt area is below the buttons on the right, and below that are the request details and scan results.

Sqlmapapi parameter configuration panel

The settings here refer to the parameter settings of sqlmap.

Tamper: the list contains the tamper scripts that ship with sqlmap; custom tamper scripts can be entered in the input box, separated by commas (",").

LogFile: sets the scan log file. The value is a path on the sqlmapapi server, where the log is stored.

Filter criteria panel

ExcludeSuffix: excludes requests whose URL has one of the specified suffixes, matched with a regular expression. For example: pictures, css, js and so on.

IngoreCase: controls whether ExcludeSuffix matching is case-sensitive. By default it is not case-sensitive.

IngoreParams: parameters to ignore when checking for repeated requests, separated by commas, such as a random number or timeStamp in the request.

ExcludeParams: when filtering a request, if one of these parameters exists, the request is not added to the list to be tested, such as the verification code checkCode.
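How the Domain pattern and the three filter settings interact, as an added example that is not the plug-in's own code. The class, field names and sample values are hypothetical, SHA-256 stands in for the plug-in's bCrypt-based signature, and including parameter values in the signature is an assumption.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.*;
import java.util.regex.Pattern;

public class RequestFilterDemo {
    // Hypothetical settings mirroring the panel fields (constructed values).
    // matches() is a full match, so escaping dots keeps look-alike hosts out of scope.
    static final Pattern DOMAIN = Pattern.compile("(.*\\.)?shop\\.example\\.test");
    static final Pattern EXCLUDE_SUFFIX =                 // IngoreCase enabled
            Pattern.compile(".*\\.(jpg|png|ico|css|js)", Pattern.CASE_INSENSITIVE);
    static final Set<String> IGNORE_PARAMS = Set.of("timeStamp");
    static final Set<String> EXCLUDE_PARAMS = Set.of("checkCode");
    static final Set<String> SEEN = new HashSet<>();

    // Returns true when the request would be added to the list to be tested.
    static boolean accept(String method, String host, String path,
                          Map<String, String> params) throws Exception {
        if (!DOMAIN.matcher(host).matches()) return false;        // host not in scope
        if (EXCLUDE_SUFFIX.matcher(path).matches()) return false; // static resource
        if (params.isEmpty()) return false;                       // no parameters to test
        if (!Collections.disjoint(params.keySet(), EXCLUDE_PARAMS)) return false;

        // Signature: method, host, path and sorted parameters minus the ignored ones.
        TreeMap<String, String> kept = new TreeMap<>(params);
        kept.keySet().removeAll(IGNORE_PARAMS);
        String sig = method + " " + host + path + "?" + kept;
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(sig.getBytes(StandardCharsets.UTF_8));
        return SEEN.add(Base64.getEncoder().encodeToString(digest)); // false if seen before
    }

    public static void main(String[] args) throws Exception {
        String h = "www.shop.example.test";
        // First sighting of this request.
        System.out.println(accept("GET", h, "/item", Map.of("id", "1", "timeStamp", "111")));
        // Same signature as above once timeStamp is ignored.
        System.out.println(accept("GET", h, "/item", Map.of("id", "1", "timeStamp", "222")));
        // Carries an excluded parameter.
        System.out.println(accept("POST", h, "/login", Map.of("user", "a", "checkCode", "x")));
        // Excluded suffix, upper case.
        System.out.println(accept("GET", h, "/logo.PNG", Map.of("v", "3")));
        // Look-alike host that only starts with the in-scope name.
        System.out.println(accept("GET", "shop.example.test.other.test", "/item", Map.of("id", "1")));
    }
}
```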

The above are some changes made during this period of time in the process of actual use, and the plug-in will be further optimized according to your suggestions. Thank you for your support.

Here are some of the code and implementation ideas in the program:

Implementation code for the request listening segment:

```java
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
    boolean addFlag = false; // whether the request is added to the scan list
    // only handle requests, and only while the switch is turned on
    if (messageIsRequest && sqlmapApiPanel.isStart()) {
        String host = helpers.analyzeRequest(messageInfo).getUrl().getHost();
        if (host.matches(targetDomian)) {
            IRequestInfo iRequestInfo = helpers.analyzeRequest(messageInfo);
            // truncate the URL at "?"; the scheme is kept, so http and https stay distinct
            String url = String.valueOf(iRequestInfo.getUrl());
            url = url.indexOf("?") > 0 ? url.substring(0, url.indexOf("?")) : url;
            // exclude URLs with the specified suffixes (e.g. .jpg|.png|.ico)
            if (!excludeSuffix.matcher(url).matches()) {
                // construct the task entity
                TaskEntity entity = new TaskEntity(iRequestInfo.getUrl(), //
                        iRequestInfo.getMethod(), //
                        callbacks.saveBuffersToTempFiles(messageInfo), //
                        iRequestInfo);
                // deduplication check
                String hash = bCrypt.hashpw(entity.getSignString(-1, ingoreParams), SALT);
                Integer repeatCheckValue = 1;
                // requests carrying the Chris-To-Sqlmap header are added even if they are duplicates
                if (String.valueOf(iRequestInfo.getHeaders()).indexOf("Chris-To-Sqlmap") != -1) {
                    if (repeatCheck.containsKey(hash)) {
                        repeatCheckValue = repeatCheck.get(hash) + 1;
                        hash = hash + repeatCheckValue;
                    }
                    addFlag = true;
                }
                // check whether the current packet is a duplicate and whether it should be filtered by parameter
                else if (!repeatCheck.containsKey(hash) && !entity.hasParams(excludeParams)) {
                    if (!entity.getParamBody().isEmpty()) {
                        // POST parameters are present
                        addFlag = true;
                    } else if (!entity.getParamUrl().isEmpty()) {
                        // GET parameters are present
                        addFlag = true;
                    } else if (sqlmapApiOption.getLevel() >= 3 && !entity.getParamCookie().isEmpty()) {
                        // at level 3 or above, cookie injection should also be tested
                        addFlag = true;
                    }
                }
                if (addFlag) {
                    int row = listTasks.size();
                    repeatCheck.put(hash, repeatCheckValue);
                    listTasks.add(entity);
                    fireTableRowsInserted(row, listTasks.size());
                }
            }
        }
    }
}
```

Implementation code for the task execution segment:

```java
// Requires java.util.List and java.util.ArrayList.
public void run() {
    while (true) {
        if (!threadFlag) {
            try {
                sqlmapApiPanel.setMessage("Waiting.");
                sleep(3 * 1000);
            } catch (InterruptedException e) {
                stderr.print(e.getMessage());
            }
            continue;
        }
        // add tasks while there are free slots and pending entries
        if (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
            while (runingTasks.size() < THREAD_NUMBER && listTasks_start < listTasks.size()) {
                TaskEntity entityNew = listTasks.get(listTasks_start);
                entityNew.setTaskid(sqlmapapi.tastNew(sqlmapapiServer));
                // compare string contents with equals(); != would compare references
                if (!"".equals(entityNew.getTaskid()) && !"-".equals(entityNew.getTaskid())) {
                    entityNew.setTaskEngineid(sqlmapapi.taskStart(sqlmapapiServer, entityNew, sqlmapApiOption));
                    runingTasks.put(entityNew.getTaskid(), entityNew);
                    sqlmapApiPanel.setMessage("New task " + entityNew.getTaskid() + ", URL: " + String.valueOf(entityNew.getUrl()) + ".");
                    listTasks_start++;
                } else {
                    try {
                        sqlmapApiPanel.setMessage("New task failed! URL: " + String.valueOf(entityNew.getUrl()) + ".");
                        sleep(3 * 1000);
                    } catch (InterruptedException e) {
                        stderr.print(e.getMessage());
                    }
                    continue;
                }
            }
        }
        if (runingTasks.size() != 0) {
            // refresh the status of the tasks in the map
            List<String> removeList = new ArrayList<String>();
            for (String key : runingTasks.keySet()) {
                TaskEntity entityRuning = runingTasks.get(key);
                String status = sqlmapapi.flushStatus(sqlmapapiServer, entityRuning);
                sqlmapApiPanel.setMessage("Flash task [" + key + "] " + status + ".");
                if ("terminated".equals(status)) {
                    // finished: store the scan data and mark the task for removal
                    entityRuning.setTaskStatus(status);
                    entityRuning.setTaskScanData(sqlmapapi.flushScanData(sqlmapapiServer, entityRuning));
                    sqlmapApiPanel.setMessage("Task [" + key + "] finished.");
                    removeList.add(key);
                } else if ("not running".equals(status)) {
                    stderr.println(entityRuning.getTaskid() + " not running");
                    // entityRuning.setTaskEngineid(taskStart(entityRuning));
                } else {
                    entityRuning.setTaskStatus(status);
                }
                try {
                    sleep(3 * 1000);
                } catch (InterruptedException e) {
                    stderr.print(e.getMessage());
                }
            }
            // remove finished tasks after iterating, not during iteration
            if (!removeList.isEmpty()) {
                for (String key : removeList) {
                    runingTasks.remove(key);
                }
            }
            fireTableRowsInserted(0, listTasks.size());
        } else {
            try {
                sleep(3 * 1000);
            } catch (InterruptedException e) {
                stderr.print(e.getMessage());
            }
        }
    }
}
```

That concludes this introduction to the batch injection plug-in built by combining Burp Suite with SQLMapAPI. I hope the above content is of some help. If you think the article is good, you can share it for more people to see.
