Shulou(Shulou.com)05/31 Report--

This article introduces how to understand the batch injection plug-in generated by Burpsuit combined with SQLMapAPI, the content is very detailed, interested friends can refer to, hope to be helpful to you.

Brief introduction

The younger brother is not talented, while checking the mother to write the program (it seems to be like this all the time), it took a few days to complete the plug-in of this burpsuit. By filtering the traffic in burpsuit, the plug-in can filter out the requests that meet the requirements and send them to SqlmapAPI for automatic scanning.

Plug-in screenshot

The Server parameter configures the server address and port of SqlmapAPI, and the Domain parameter configures the domain name to be intercepted, subject to the value of the Host field in burpsuit, and the number of messages detected simultaneously by the THREAD parameter configuration.

TEST tests whether the sqlmapAPI server can connect successfully.

SqlmapAPI scan parameters configuration, meaning and sqlmap scan parameters are the same, currently only listed these commonly used parameters (individuals are not very familiar with sqlmap, if there are other necessary parameters, please do not hesitate to let us know, thank you! )

TIPS:

When Repeater, add the Chris-To-Sqlmap field to the http header to force the current request to be added to the scan queue. This allows you to add the * sign to the request parameters. (use of sqlmap * to find your own Duniang)

Plug-in structure

Through the way of built-in plug-ins, you can avoid the dependence of the external environment as much as possible, so I am very lazy.

In SqlmapAPI's server, start a sqlmapAPI service on port 8888 with the command sqlmapAPI-s-H 0.0.0.0-p 8888. Then configure the corresponding server address IP:PORT in the burp plug-in and you can use it.

On how to understand Burpsuit combined with SQLMapAPI to generate batch injection plug-ins to share here, I hope that the above content can be of some help to you, can learn more knowledge. If you think the article is good, you can share it for more people to see.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.