BKreisel / sqlmap-websocket-proxy

Tool to enable blind sql injection attacks against websockets using sqlmap

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

sqlmap Websocket Proxy

đź’‰Tool to enable blind sql injection attacks against websockets using sqlmap

Heavily based on an excellent writeup from Rayhan Ahmed: Automating Blind SQL injection over WebSocket

Example

sqlmap-websocket-proxy -u ws://sketcy.lol:1337 -p '{"id": "%param%"}'
python3 sqlmap.py -u  http://localhost:8080/?param1=1

Usage

usage: sqlmap-websocket-proxy [-h] -u URL -d DATA [-p PORT]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL to the websocket (example: ws://vuln_server:1337/ws)
  -d DATA, --data DATA  Paylod with injectable fields encoded as '%param%' (example: {"id": "%param%"})
  -p PORT, --port PORT  Proxy Port (default: 8080)

Installation

PyPI

python3 -m pip install sqlmap-websocket-proxy

Manual

python3 -m pip install sqlmap_websocket_proxy-1.1.0-py3-none-any.whl

Git

python3 -m pip install .

Download Latest Release

Demo

demo

About

Tool to enable blind sql injection attacks against websockets using sqlmap

License:MIT License


Languages

Language:Python 100.0%