SQL injection is yet another common vulnerability that is the result of lax input validation. Unlike cross-site scripting vulnerabilities that are ultimately directed at your site’s visitors, SQL injection is an attack on the site itself—in particular its database. The goal of SQL injection is to insert arbitrary data, most often a database query, into a string that’s eventually executed by the database. The insidious query may attempt any number of actions, from retrieving alternate data, to modifying or removing information from the database.
SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
The output includes:
* The suspicious IP address
* The attacked webpage
* The parameter and value used
* The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
* The reason why the request was flagged
Using sqlinject-finder:
Download sqlinject-finder from here
sqlinject-finder script depends on the dpkt libraries.
Ubuntu user can install python dpkt libraries using following command
SQLInject-Finder is a simple python script that parses through a pcap and looks at the GET and POST request data for suspicious and possible SQL injects. Rules to check for SQL injection can be easily added. Output can be printed neatly on the command line or in tab delimited format.
The output includes:
* The suspicious IP address
* The attacked webpage
* The parameter and value used
* The frame number of the packet within the pcap (can be used to find exactly where the packet is in Wireshark)
* The reason why the request was flagged
Using sqlinject-finder:
Download sqlinject-finder from here
sqlinject-finder script depends on the dpkt libraries.
Ubuntu user can install python dpkt libraries using following command
sudo apt-get install python-dpkThis tool parses through a pcap file and looks for potential SQL injection attempts.
python sqlinject-finder.py -f capture.pcap
python sqlinject-finder.py -f capture.pcap -t > capture.tsv
2 comments:
Hi,
SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. Thank you...
Web Grabber
SQL injection is an improvement over SQL carburettors. You get better MPG and the engine runs smoother.
Post a Comment