Add filter settings
Optimize display results
Add running prompt information
Add domain-name regular-expression matching
The entire plug-in is divided into three panels: task panel, sqlmapapi parameter configuration panel, and filter conditions panel.
Server: IP and port of the sqlmapapi service
THREAD: Number of tasks scanned concurrently
Domain: The domain name to scan; supports regular-expression matching
CLEAN: Clears the task cache list
TEST: Tests whether the connection to sqlmapapi succeeds
START: Starts scanning
The lower left is the task list with each task's status; below the buttons on the right is the message area, and below that are the request details and scan results.
The settings here correspond to sqlmap's own parameters.
Tamper: The list contains the tamper scripts that ship with sqlmap. Custom tampers can be entered in the input box, separated by commas (",").
LogFile: Sets the scan log file. The path is a path on the sqlmapapi server, since that is where sqlmap runs.
ExcludeSuffix: Excludes requests whose URL ends in one of the given suffixes, matched with a regular expression, for example images, css, js, etc.
IngoreCase: Controls whether ExcludeSuffix matching is case-sensitive. By default it is not case-sensitive.
IngoreParams: Parameters to ignore when checking whether a request is a repeat, separated by commas (","), for example a random timeStamp in the request.
ExcludeParams: If a request contains one of these parameters it is not added to the test list, for example a verification-code parameter such as checkCode.
The above reflects modifications made during actual use over this period. The plug-in will be further optimized based on your suggestions. Thank you for your support.
The following is some of the code from the program, with the implementation ideas behind it:
public void processHttpMessage(int toolFlag, boolean messageIsRequest, IHttpRequestResponse messageInfo) {
    boolean addFlag = false; // whether to add this request to the scan list
    // Only handle requests, and only while the START switch is on
    if (messageIsRequest && sqlmapApiPanel.isStart()) {
        String host = helpers.analyzeRequest(messageInfo).getUrl().getHost();
        if (host.matches(targetDomian)) {
            IRequestInfo iRequestInfo = helpers.analyzeRequest(messageInfo);
            // Truncate the URL at '?'; the full URL also distinguishes http from https
            String url = String.valueOf(iRequestInfo.getUrl());
            url = url.indexOf("?") > 0 ? url.substring(0, url.indexOf("?")) : url;
            // Exclude URLs with the configured suffixes (e.g. .jpg|.png|.ico)
            if (!excludeSuffix.matcher(url).matches()) {
                // Build the task entity
                TaskEntity entity = new TaskEntity(iRequestInfo.getUrl(),
                        iRequestInfo.getMethod(),
                        callbacks.saveBuffersToTempFiles(messageInfo),
                        iRequestInfo);
                // Repeat detection: hash the request signature with the ignored parameters removed
                String hash = bCrypt.hashpw(entity.getSignString(-1, ingoreParams), SALT);
                Integer repeatCheckValue = 1;
                if (String.valueOf(iRequestInfo.getHeaders()).indexOf("Chris-To-Sqlmap") != -1) {
                    // Requests carrying the Chris-To-Sqlmap header are always added; repeats get a counter appended to the hash
                    if (repeatCheck.containsKey(hash)) {
                        repeatCheckValue = repeatCheck.get(hash) + 1;
                        hash = hash + repeatCheckValue;
                    }
                    addFlag = true;
                }
                // Otherwise skip repeats, and skip requests that carry an excluded parameter
                else if (!repeatCheck.containsKey(hash) && !entity.hasParams(excludeParams)) {
                    if (!entity.getParamBody().isEmpty()) { // POST parameters present
                        addFlag = true;
                    } else if (!entity.getParamUrl().isEmpty()) { // GET parameters present
                        addFlag = true;
                    } else if (sqlmapApiOption.getLevel() >= 3 && !entity.getParamCookie().isEmpty()) {
                        // With level >= 3, cookie injection should also be tested
                        addFlag = true;
                    }
                }
                if (addFlag) {
                    int row = listTasks.size();
                    repeatCheck.put(hash, repeatCheckValue);
                    listTasks.add(entity);
                    fireTableRowsInserted(row, listTasks.size());
                }
            }
        }
    }
}
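The filter settings above and the processHttpMessage logic decide which captured requests reach sqlmapapi. The following is an added, stand-alone Python model of those rules (it is not the plug-in's code); the function names, the signature used for repeat detection (method, scheme, host, path and parameter names minus IngoreParams) and the sample requests are all constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

def signature(method, url, body, ignore_params):
    """Repeat-detection key (constructed): parameter *names* minus IngoreParams."""
    p = urlsplit(url)
    names = {k for k, _ in parse_qsl(p.query, keep_blank_values=True)}
    names |= {k for k, _ in parse_qsl(body, keep_blank_values=True)}
    return (method, p.scheme, p.netloc, p.path, tuple(sorted(names - ignore_params)))

def queue_requests(requests, domain, exclude_suffix, ignore_case=True,
                   ignore_params=(), exclude_params=(), level=1):
    """Return URLs that would be queued, applying the filters in the plug-in's order."""
    domain_re = re.compile(domain)
    suffix_re = re.compile(exclude_suffix, re.IGNORECASE if ignore_case else 0)
    ignore_params, exclude_params = set(ignore_params), set(exclude_params)
    seen, queued = set(), []
    for r in requests:
        p, body = urlsplit(r["url"]), r.get("body", "")
        if not domain_re.fullmatch(p.hostname or ""):
            continue                                  # Domain: whole-host regex
        if suffix_re.search(r["url"].split("?", 1)[0]):
            continue                                  # ExcludeSuffix on the URL before '?'
        url_p = dict(parse_qsl(p.query, keep_blank_values=True))
        body_p = dict(parse_qsl(body, keep_blank_values=True))
        if exclude_params & (url_p.keys() | body_p.keys()):
            continue                                  # ExcludeParams, e.g. checkCode
        sig = signature(r["method"], r["url"], body, ignore_params)
        if sig in seen:
            continue                                  # repeat of an already queued request
        # Something must be testable: POST body, query string, or cookies at level >= 3
        if not (body_p or url_p or (level >= 3 and r.get("cookies"))):
            continue
        seen.add(sig)
        queued.append(r["url"])
    return queued

# Constructed sample traffic for the demo (not real captures)
SAMPLE_REQUESTS = [
    {"method": "GET", "url": "http://app.example.com/item?id=1&timeStamp=111"},
    {"method": "GET", "url": "http://app.example.com/item?id=2&timeStamp=222"},
    {"method": "GET", "url": "http://app.example.com/logo.PNG?v=1"},
    {"method": "POST", "url": "http://app.example.com/login", "body": "user=a&pass=b&checkCode=1234"},
    {"method": "GET", "url": "http://other.test/item?id=3"},
    {"method": "GET", "url": "http://app.example.com/home", "cookies": "session=abc"},
    {"method": "POST", "url": "http://app.example.com/search", "body": "q=x"},
]

def demo(level=1, ignore_case=True):
    return queue_requests(SAMPLE_REQUESTS, r".*\.example\.com", r"\.(jpg|png|css|js)$",
                          ignore_case, {"timeStamp"}, {"checkCode"}, level)
```

With the defaults only the first item request and the search POST are queued: the second item request is a repeat once timeStamp is ignored, logo.PNG is dropped by the case-insensitive suffix rule, the login carries checkCode, other.test fails the domain regex, and /home has nothing but a cookie at level 1.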
public void run() {
    while (true) {
        if (!threadFlag) {
            try {
                sqlmapApiPanel.setMessage("Waiting.");
                sleep(3 * 1000);
            } catch (InterruptedException e) {
                stderr.print(e.getMessage());
            }
            continue;
        }
        // Add tasks
        // THREAD is a placeholder: the original condition and the task-start code after it were lost in extraction
        if (runingTasks.size() < THREAD) {
            List<String> removeList = new ArrayList<>();
            for (String key : runingTasks.keySet()) {
                TaskEntity entityRuning = runingTasks.get(key);
                // Poll sqlmapapi for the task status
                String status = sqlmapapi.flushStatus(sqlmapapiServer, entityRuning);
                sqlmapApiPanel.setMessage("Flash task [" + key + "] " + status + " .");
                if ("terminated".equals(status)) {
                    // Finished: fetch the scan data and mark the task for removal from the running set
                    entityRuning.setTaskStatus(status);
                    entityRuning.setTaskScanData(sqlmapapi.flushScanData(sqlmapapiServer, entityRuning));
                    sqlmapApiPanel.setMessage("Task [" + key + "] finished .");
                    removeList.add(key);
                } else if ("not running".equals(status)) {
                    stderr.println(entityRuning.getTaskid() + " not running");
                    // entityRuning.setTaskEngineid(taskStart(entityRuning));
                } else {
                    entityRuning.setTaskStatus(status);
                }
                try {
                    sleep(3 * 1000);
                } catch (InterruptedException e) {
                    stderr.print(e.getMessage());
                }
            }
            if (!removeList.isEmpty()) {
                for (String key : removeList) {
                    runingTasks.remove(key);
                }
            }
            fireTableRowsInserted(0, listTasks.size());
        } else {
            try {
                sleep(3 * 1000);
            } catch (InterruptedException e) {
                stderr.print(e.getMessage());
            }
        }
    }
}
The above is the detailed content of "What is the batch injection plug-in generated by Burpsuit combined with SQLMapAPI?" (PHP Chinese website).