
What is the batch injection plug-in built by combining Burp Suite with sqlmapapi?

WBOY
2023-05-12 19:19:04

1.1 Changes:

Add filter settings

Optimize display results

Add running prompt information

Add regular-expression matching for domain names

The entire plug-in is divided into three panels: task panel, sqlmapapi parameter configuration panel, and filter conditions panel.

Task Panel


Server: IP and port of the sqlmapapi service

THREAD: Number of tasks detected simultaneously

Domain: The domain name to be tested; regular-expression matching is supported

CLEAN: Clears the task cache list

TEST: Tests whether the connection to sqlmapapi succeeds

START: Turns on detection

The lower left holds the task list and task status. Below the buttons on the right is the information prompt area, and below that are the request details and scan results.

sqlmapapi parameter configuration panel


The settings here correspond to sqlmap's own parameter settings.

Tamper: The list shows the tamper scripts that ship with sqlmap. Custom tamper scripts can be entered in the input box, separated by commas (",").

LogFile: Sets the scan log file. The file is stored at a path on the sqlmapapi server.

Filter conditions panel


ExcludeSuffix: Excludes requests with the specified suffixes, matched with a regular expression. For example: pictures, css, js, etc.

IngoreCase: Controls whether ExcludeSuffix matching is case-sensitive. The default is not case-sensitive.

IngoreParams: Parameters to ignore when checking whether a request is a duplicate, separated by commas (","), for example the random number timeStamp in the request.

ExcludeParams: If a request contains one of these parameters, it is not added to the test list, for example the verification code checkCode.

These changes are based on modifications made during actual use over this period. The plug-in will be further optimized based on your suggestions in the future. Thank you for your support.

The following are some code excerpts and implementation ideas from the program:

Request listening section implementation code

public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
        boolean addFlag = false; // whether to add the request to the scan list
        // Only handle requests, and only while scanning is switched on
        if (messageIsRequest && sqlmapApiPanel.isStart()) {
            String host = helpers.analyzeRequest(messageInfo).getUrl().getHost();
            if (host.matches(targetDomian)) {
                IRequestInfo iRequestInfo = helpers.analyzeRequest(messageInfo);
                // Truncate the URL at "?"; the scheme is kept, so http and https stay distinct
                String url = String.valueOf(iRequestInfo.getUrl());
                url = url.indexOf("?") > 0 ? url.substring(0, url.indexOf("?")) : url;
                // Skip URLs with an excluded suffix (e.g. .jpg|.png|.ico)
                if (!excludeSuffix.matcher(url).matches()) {
                    // Build the task entity
                    TaskEntity entity = new TaskEntity(iRequestInfo.getUrl(), //
                            iRequestInfo.getMethod(), //
                            callbacks.saveBuffersToTempFiles(messageInfo), //
                            iRequestInfo);
                    // Compute the hash used for duplicate detection
                    String hash = bCrypt.hashpw(entity.getSignString(-1, ingoreParams), SALT);
                    Integer repeatCheckValue = 1;
                    // Requests carrying the "Chris-To-Sqlmap" header are always queued, even when they repeat an earlier request
                    if (String.valueOf(iRequestInfo.getHeaders()).indexOf("Chris-To-Sqlmap") != -1) {
                        if (repeatCheck.containsKey(hash)) {
                            repeatCheckValue = repeatCheck.get(hash) + 1;
                            hash = hash + repeatCheckValue;
                        }
                        addFlag = true;
                    }
                    // Otherwise queue only if the request is not a duplicate and has none of the excluded parameters
                    else if (!repeatCheck.containsKey(hash) && !entity.hasParams(excludeParams)) {
                        // repeatCheck
                        if (!entity.getParamBody().isEmpty()) { // POST body parameters are present
                            addFlag = true;
                        } else if (!entity.getParamUrl().isEmpty()) { // GET (URL) parameters are present
                            addFlag = true;
                        } else if (sqlmapApiOption.getLevel() >= 3 && !entity.getParamCookie().isEmpty()) { // at level 3 or above, cookie parameters are tested as well
                            addFlag = true;
                        }
                    }
                    if (addFlag) {
                        int row = listTasks.size();
                        repeatCheck.put(hash, repeatCheckValue);
                        listTasks.add(entity);
                        fireTableRowsInserted(row, listTasks.size());
                    }
                }
            }
        }
    }
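
The filter chain described in the Filter conditions panel and applied by the listener above, as an added example that is not the plug-in's own code. The class name, the example.test hosts and the sample requests are constructed, and building the duplicate signature from parameter names only is an assumption, since getSignString is not shown on the page. The patterns are written to match the whole string, as the matches() calls in the listener require.

```java
import java.net.URI;
import java.util.*;
import java.util.regex.Pattern;

// Added illustration: class, method and sample values are hypothetical, not the plug-in's.
public class RequestFilterDemo {
    // Whole-string patterns, because the listener uses matches() for both checks.
    static final Pattern DOMAIN = Pattern.compile("(.+\\.)?example\\.test");
    static final Pattern EXCLUDE_SUFFIX =
            Pattern.compile(".*\\.(jpg|png|ico|css|js)", Pattern.CASE_INSENSITIVE);
    static final Set<String> IGNORE_PARAMS = Set.of("timeStamp");   // left out of the signature
    static final Set<String> EXCLUDE_PARAMS = Set.of("checkCode");  // request is skipped entirely
    static final Set<String> seen = new HashSet<>();

    // Parse "a=1&b=2" into a sorted map so parameter order does not change the signature.
    static SortedMap<String, String> params(String query) {
        SortedMap<String, String> out = new TreeMap<>();
        if (query == null || query.isEmpty()) return out;
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            out.put(kv[0], kv.length > 1 ? kv[1] : "");
        }
        return out;
    }

    // Returns why a request is dropped, or "queued" if it would enter the task list.
    static String decide(String method, String rawUrl) {
        URI u = URI.create(rawUrl);
        if (u.getHost() == null || !DOMAIN.matcher(u.getHost()).matches()) return "out of scope";
        if (EXCLUDE_SUFFIX.matcher(u.getPath()).matches()) return "excluded suffix";
        SortedMap<String, String> p = params(u.getRawQuery());
        if (p.isEmpty()) return "no parameters";
        if (!Collections.disjoint(p.keySet(), EXCLUDE_PARAMS)) return "excluded parameter";
        p.keySet().removeAll(IGNORE_PARAMS);
        // Assumption: the signature covers method, URL without query, and parameter names.
        String signature = method + " " + u.getScheme() + "://" + u.getHost() + u.getPath() + " " + p.keySet();
        return seen.add(signature) ? "queued" : "duplicate";
    }

    public static void main(String[] args) {
        String[] urls = {   // constructed sample requests
            "https://shop.example.test/item?id=1&timeStamp=111",
            "https://shop.example.test/item?id=2&timeStamp=222",
            "https://shop.example.test/logo.PNG?v=3",
            "https://shop.example.test/login?user=a&checkCode=9",
            "https://notexample.test/item?id=1",
        };
        for (String url : urls) System.out.println(decide("GET", url) + "  " + url);
    }
}
```

A looser scope pattern such as .*example.test would also accept notexample.test, so the Domain pattern is best anchored on a label boundary, as DOMAIN is here, to keep testing inside the authorized scope.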

Task execution section implementation code:

public void run() {
                while (true) {
                    if (!threadFlag) {
                        try {
                            sqlmapApiPanel.setMessage("Waiting.");
                            sleep(3 * 1000);
                        } catch (InterruptedException e) {
                            stderr.print(e.getMessage());
                        }
                        continue;
                    }
                    // Add tasks
                    if (runingTasks.size() ...
                        List<String> removeList = new ArrayList<String>();
                        for (String key : runingTasks.keySet()) {
                            TaskEntity entityRuning = runingTasks.get(key);
                            String status = sqlmapapi.flushStatus(sqlmapapiServer, entityRuning);
                            sqlmapApiPanel.setMessage("Flash task [" + key + "] " + status + " .");
                            if ("terminated".equals(status)) {
                                entityRuning.setTaskStatus(status);
                                entityRuning.setTaskScanData(sqlmapapi.flushScanData(sqlmapapiServer, entityRuning));
                                sqlmapApiPanel.setMessage("Task [" + key + "] finished .");
                                removeList.add(key);
                            } else if ("not running".equals(status)) {
                                stderr.println(entityRuning.getTaskid() + " not running");
                                // entityRuning.setTaskEngineid(taskStart(entityRuning));
                            } else {
                                entityRuning.setTaskStatus(status);
                            }
                            try {
                                sleep(3 * 1000);
                            } catch (InterruptedException e) {
                                stderr.print(e.getMessage());
                            }
                        }
                        if (!removeList.isEmpty()) {
                            for (String key : removeList) {
                                runingTasks.remove(key);
                            }
                        }
                        fireTableRowsInserted(0, listTasks.size());
                    } else {
                        try {
                            sleep(3 * 1000);
                        } catch (InterruptedException e) {
                            stderr.print(e.getMessage());
                        }
                    }
                }
            }


Statement:
This article is reproduced from yisu.com. If there is any infringement, please contact admin@php.cn to have it deleted.