A Burp extension for finding simple exploitable SQL injection points. Supports GET and POST with key-value, JSON and XML data types.

a4dyn/sql-injection-scanner

InjectionScanner

A Burp extension for finding simple exploitable SQL injection points. Supports GET and POST requests with URL-encoded key-value, JSON and XML data types.

The extension automatically extracts the data and variables from the URL and data section of a request so that users can customize them.
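
An added example, not code from this repository, of the extraction step described above: it lists the candidate variables in a raw HTTP request for the URL, URL-encoded, JSON and XML cases. The function names, the location labels and the constructed sample request are assumptions made for illustration.

```python
import json
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl, urlsplit

# Constructed sample request (not captured traffic).
SAMPLE = (b"POST /api/user?v=1 HTTP/1.1\r\nHost: app.example\r\n"
          b"Content-Type: application/json; charset=utf-8\r\n\r\n"
          b'{"user": {"name": "bob", "tags": ["a", 7]}}')


def _flatten_json(node, prefix=""):
    """Yield (path, value) for every scalar leaf of a decoded JSON document."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _flatten_json(value, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _flatten_json(value, f"{prefix}[{index}]")
    else:
        yield prefix, node


def extract_variables(raw_request: bytes):
    """Return [(location, name, value)] for URL, form, JSON and XML inputs."""
    head, _, body = raw_request.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {k.strip().lower(): v.strip()
               for k, _, v in (line.partition(":") for line in lines[1:])}
    found = [("url", k, v) for k, v in
             parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if not body:
        return found
    if ctype == "application/x-www-form-urlencoded":
        pairs = parse_qsl(body.decode("utf-8", "replace"), keep_blank_values=True)
        found += [("form", k, v) for k, v in pairs]
    elif ctype == "application/json":
        found += [("json", p, v) for p, v in _flatten_json(json.loads(body))]
    elif ctype in ("application/xml", "text/xml"):
        # Cap the body size before parsing untrusted XML in a real tool.
        for elem in ET.fromstring(body).iter():
            found += [("xml", f"{elem.tag}@{a}", v) for a, v in elem.attrib.items()]
            if len(elem) == 0 and elem.text and elem.text.strip():
                found.append(("xml", elem.tag, elem.text.strip()))
    return found
```

Every tuple it returns is an input the server-side code has to bind through a parameterized query rather than string concatenation.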

UIs

Upper Left Panel:

  • Fetched data is shown here for users to customize, including the data, User-Agent, URL, etc.

Upper Right Panel:

  • Shows a log entry for each send/receive. Users can click an entry to see its details.

Lower Panel:

  • Shows the details of the selected log entry.

Buttons

Set Basis:

  • Sets the content length of the currently selected log entry as the basis, usually the default content length.

Hit Once:

  • Sends the request using the content shown in the upper left panel and waits for the response.

Auto Scan:

  • Performs an automatic scan for possible injection using the current level configuration (lower right selection bar).

Cancel:

  • Forcibly stops waiting for the current response; usually used when the Hit Once/Auto Scan button gets stuck.

Clear Log:

  • Clear the log panel (upper right panel).

Others

  • Abnormal content lengths are printed to stdout.
