What is the onion mode proxy of SQLMAP?

Due to the need to conduct penetration testing on external websites, most websites have access frequency control. Once this frequency is exceeded, the IP will be banned directly. This problem is particularly prominent when running SQLMAP. When SQLMAP is not completely run, it will directly exit with an error and the interface will be red.

So I started to study the proxy mode of SQLMAP. SQLMAP has two proxy modes, one is a normal proxy (HTTP proxy) and the other is an onion proxy.

Although I have the application of ordinary agents to write about, I found that Baidu has already elaborated it in detail, so I will not repeat it again. Sqlmap Extension—External IP Proxy Pool Implementation

Let’s focus on the onion proxy. At the beginning, when I used onion directly for injection, there was no “aunt red” report. Later, as the number of penetrated websites increased, I found that tor was still There is an error reporting problem. I am thinking whether the tor module in SQLMAP does not have the function of automatically switching IP.

So I wrote a code test to simulate the situation where the IP is directly banned when the intrusion detection system detects the injection. I use a delay of 1000 seconds here, and sqlmap will report an error.

##Use sqlmap --tor --tor-type="SOCKS5" for injection. Unfortunately, tor The IP still hasn't changed.

Later I thought that tor has a mechanism to continuously switch IPs. I guessed that there was no problem with sqlmap. The problem should be with the configuration of tor, so I modified the tor configuration file torrc, located at C:\Users\Administrator\AppData\Roaming \tor

Just add a sentence and switch IP once a minute.

MaxCircuitDirtiness 1

I ran it using sqlmap and found that the IPs were constantly switching

But the configuration file can only be used for 1 minute. I think it needs to be in a short time Switching IP within a certain time, so I found an open source software tor-ip-changer, download address

##

The above is the detailed content of What is the onion mode proxy of SQLMAP?. For more information, please follow other related articles on the PHP Chinese website!