As you know, SQL Injection is a security vulnerability with critical severity. If you are a hacker you know it as well that it takes a lot of times to find a sql injection vulnerability on a target. It will be worse if you are a penetration tester. You must check this vulnerability on all of target URLs by intercepting packets using Burp Suit or other tools and in big Portals it’s not easy.
I have good news for hackers and pen testers. I made it easier by my new python script. The only thing you should do, is exporting your packets as a burp suit state file. The rest of steps will done by my script. I called me script “Burp-TO-SQLMap” and I will explain the test process from the beginning.
Usage: ./burp-to-sqlmap.py [options]
Options: -f, --file
Options: -o, --outputdirectory
Options: -s, --sqlmappath
Options: -p, --proxy
Options: -r, --risk
Options: -l, --level
Options: -t, --tamper
Example: python burp-to-sqlmap.py -f [BURP-STATE-FILE] -o [OUTPUT-DIRECTORY] -s [SQLMap-Path]
- Vulnerable Packet Result
- Select Your Request
- Right Clicke one one of these selected requests
- Uncheck Base64 Option and create your requests/responses file
