Shulou(Shulou.com)06/02 Report--

Today, I will talk to you about how to use the SQLiPy plug-in in Burpsuite, many people may not know much about it. In order to make you understand better, the editor has summarized the following content for you. I hope you can get something according to this article.

I. introduction of the SQLIPy plug-in

The plug-in can scan the request package captured by burp directly using sqlmap. Download address: https://github.com/portswigger/sqli-py

Second, install Jython. Because sqlmap is written in Python language and burp is written by java, you need to download the jython-standalone-2.7.0.jar file first.

1. Download address: https://repo1.maven.org/maven2/org/python/jython-installer/2.7.2/jython-installer-2.7.2.jar

2. Open the installation package and Nnet all the way.

Third, install python2

1. Download address: https://www.python.org/ftp/python/2.7.18/python-2.7.18.amd64.msi

2. Double-click to open the installation package and take the next step.

3. Configure environment variables

4. Verification environment

Fourth, install sqlmap

1. Download address: http://sqlmap.org/

2. Decompress and use it.

Install the SQLiPy plug-in

1. Configure the python environment when the plug-in is used, first fill in the jython path of the installation, and then fill in the directory of the SQLiPy plug-in

2. Choose to add the plug-in, change the plug-in extension type to python, select the SQLiPy file we downloaded, and then click next, and the plug-in will be installed automatically.

3. Installation is successful

VI. Plug-in utilization

1. Set the sqlmapapi listening port, execute sqlmapapi.py-s to see the port of the service, and open API

2. Open the proxy, intercept the packets that may be injected, and right-click to select SQLIPy Scan

3. Set scanning parameters and click start to start scanning.

4. The result can be viewed in the Site map of the Target module, and there may be injection.

5. Get the user name, tick the current user, and click start

After reading the above, do you have any further understanding of how to use the SQLiPy plug-in in Burpsuite? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.