SQLiPy is a Python plugin for Burp Suite that integrates SQLMap using the SQLMap API.

codewatchorg/sqlipy

sqlipy

SQLMap comes with a RESTful API server that executes SQLMap scans. This plugin can start the API for you or connect to an already running API to perform a scan.

Requirements

Jython 2.7 beta, due to the use of json
Java 1.7 or 1.8 (the beta version of Jython 2.7 requires this)

Usage

SQLiPy relies on a running instance of the SQLMap API server. You can manually start the server with:

  python sqlmapapi.py -s -H <ip> -p <port>

Or, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system.

Once the SQLMap API is running, right-click in the 'Request' sub-tab of either the Target or Proxy main tab and choose 'SQLiPy Scan'.

This will populate the SQLMap Scanner tab of the plugin with information about that request. Clicking the 'Start Scan' button will execute a scan.

If the page is vulnerable to SQL injection, then a thread from the plugin will poll the results and add them to the Scanner Results tab.

For more information, see the post here: https://www.codewatch.org/blog/?p=402

Note

The extension can start the sqlmapapi.py script, but this is not recommended. It has been observed in numerous instances that the API becomes unresponsive when started this way. Updates have been made to solve this issue, but I still recommend starting the API from a command shell.
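Because the note above describes an API that can stop responding, a preflight check before starting a scan is useful. The following is an added example, not part of SQLiPy: it is written for Python 3 rather than the plugin's Jython, the function name is hypothetical, and it assumes sqlmapapi's /task/new and /task/<taskid>/delete endpoints with their "success" and "taskid" JSON fields.

```python
import http.client
import json
import socket
import urllib.request

# Ignore HTTP(S)_PROXY settings: the API is local and should be reached directly.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def _get_json(url, timeout):
    with _OPENER.open(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))


def sqlmapapi_ready(host, port, timeout=3.0):
    """Hypothetical helper: return (ok, reason) for a sqlmapapi server.

    Creates a throwaway task and deletes it again, so a server that accepts
    connections but no longer answers is reported as "timeout".
    """
    base = "http://%s:%d" % (host, port)
    try:
        new = _get_json(base + "/task/new", timeout)
        taskid = new.get("taskid") if isinstance(new, dict) else None
        if not (taskid and new.get("success")):
            return False, "bad-response"
        gone = _get_json("%s/task/%s/delete" % (base, taskid), timeout)
        if not (isinstance(gone, dict) and gone.get("success")):
            return False, "bad-response"
    except (ValueError, http.client.HTTPException):
        # Body was not JSON or not valid HTTP: something else owns the port.
        return False, "bad-response"
    except OSError as exc:
        # URLError, refused connection, or a socket timeout while waiting.
        cause = getattr(exc, "reason", exc)
        if isinstance(cause, socket.timeout):
            return False, "timeout"
        return False, "unreachable"
    return True, "ok"


if __name__ == "__main__":
    # 127.0.0.1:8775 is an assumed address; use the -H/-p values you started with.
    print(sqlmapapi_ready("127.0.0.1", 8775))
```

A "timeout" result is the hung state described in the note; restarting sqlmapapi.py from a command shell is the recommended recovery.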
