BBQSQL is a blind SQL injection exploitation tool.
What is BBQSQL?
Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don't you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.
BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.
Overview of Readme
We tried to write the tool in such a way that it would be very self explanatory when setting up an attack in the UI. However, for sake of thoroughness we have included a detailed Readme that should provide you additional insight on the specifics of each configuration option. One thing to note is that every configuration option in the UI has a description associated with it, so if you do choose to fire up the tool without reading this page you should be able to hack your way through an attack.
High Level Usage
Similar to other SQL injection tools you provide certain request information.
Must provide the usual information:
- URL
- HTTP Method
- Headers
- Cookies
- Encoding methods
- Redirect behavior
- Files
- HTTP Auth
- Proxies
Then specify where the injection is going and what syntax we are injecting. Read on for details.
Install
This should be straight forward, but what ever is. Try running:
sudo pip install bbqsql
If that doesn't work for you, you can install from source. The tool requires gevent,requests.
Requirements:
- Python
1 Comments
Gargo 5 Sep 18
Сцуко вы вообще читаете ту хуйню, которую пишете вместо нормального перевода?