Setting up AutoSQLi and basic usage of sqlmapapi
References
https://blog.csdn.net/m0_37438418/article/details/80949540
https://github.com/LeeHDsniper/AutoSqli
http://testphp.vulnweb.com/
sqlmapapi client usage guide
python sqlmapapi.py --help
# Client mode
python sqlmapapi.py -c
# Client mode, selecting a remote sqlmapapi server
python sqlmapapi.py -c --host 192.168.1.7
# Create a new task
api> new -u "http://wp.blkstone.me/search.php?query=a" --data="a=1&b=2" --technique=EBU --cookie="ASP.NET_SessionId=y0ohwxaoex1paprgcuk0syqm"
Analyzing the sqlmapapi client's traffic
Proxying sqlmapapi through Burp
Based on the client code, edit the following file: sqlmap/lib/utils/api.py
def _client(url, options=None):
    logger.debug("Calling '%s'" % url)
    try:
        data = None
        if options is not None:
            # Options are sent to the API server as a JSON body
            data = jsonize(options)
        headers = {"Content-Type": "application/json"}

        if DataStore.username or DataStore.password:
            headers["Authorization"] = "Basic %s" % base64encode("%s:%s" % (DataStore.username or "", DataStore.password or ""))

        # Added: route the client's HTTP requests through the local proxy
        # (Burp listening on 127.0.0.1:9090)
        httpproxy_handler = urllib2.ProxyHandler({"http" : "127.0.0.1:9090"})
        opener = urllib2.build_opener(httpproxy_handler)

        req = urllib2.Request(url, data, headers)
        # Original direct call, replaced by the proxied opener below
        # response = urllib2.urlopen(req)
        response = opener.open(req)
        text = response.read()
    except:
        if options:
            logger.error("Failed to load and parse %s" % url)
        raise
    return text
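To see what a listener on the proxy port observes, here is an added Python 3 example (not code from the original post or from sqlmap): a small logging forward proxy that stands in for Burp and records each request sent through the same ProxyHandler pattern, including the Basic credentials, which are only base64-encoded. The stub API server, the /example path, the JSON body and the user:secret credentials are constructed for the demonstration.

```python
import base64, json, os, threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.request import ProxyHandler, Request, build_opener

CAPTURED = []  # one record per request seen by the proxy

class StubApi(BaseHTTPRequestHandler):  # constructed stand-in for the API server
    log_message = lambda *args: None    # keep the console quiet
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length") or 0))
        self.answer(200, b'{"success": true}')
    def do_GET(self):  # the client sends GET when it has no options to post
        self.do_POST()
    def answer(self, status, payload):
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

class LoggingProxy(StubApi):
    """Plain-HTTP forward proxy: record the request, then relay it."""
    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        auth = self.headers.get("Authorization", "")
        creds = base64.b64decode(auth[6:]).decode() if auth[:6] == "Basic " else None
        CAPTURED.append({"request": "%s %s" % (self.command, self.path),
                         "json": json.loads(body) if body else None,
                         "credentials": creds})  # base64 is not encryption
        keep = {k: v for k, v in self.headers.items()
                if k.lower() in ("content-type", "authorization")}
        direct = build_opener(ProxyHandler({}))  # upstream hop uses no proxy
        req = Request(self.path, body or None, keep, method=self.command)
        with direct.open(req) as resp:
            self.answer(resp.status, resp.read())

def serve(handler_cls):
    server = ThreadingHTTPServer(("127.0.0.1", 0), handler_cls)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    for name in ("no_proxy", "NO_PROXY"):  # urllib would honour these and
        os.environ.pop(name, None)         # skip the ProxyHandler for loopback
    api, proxy = serve(StubApi), serve(LoggingProxy)
    opener = build_opener(ProxyHandler({"http": "127.0.0.1:%d" % proxy.server_port}))
    token = base64.b64encode(b"user:secret").decode()  # constructed credentials
    req = Request("http://127.0.0.1:%d/example" % api.server_port,
                  json.dumps({"option": "value"}).encode(),
                  {"Content-Type": "application/json", "Authorization": "Basic " + token})
    return opener.open(req).read(), CAPTURED[-1]
```

The same fields are readable by any intermediary on a plain-HTTP path between the client and the API server, and a no_proxy entry covering the API host makes the ProxyHandler edit silently ineffective.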
Other approaches:
1. Use Proxifier to proxy the traffic
2. Use proxychains4 to proxy the traffic
https://github.com/5up3rc/NagaScan
https://github.com/jjf012/PassiveScanner
https://github.com/ysrc/GourdScanV2