Archive for the ‘Penetration Testing’ Category

Automating SQL Injection with Burp, Sqlmap and GDS Burp API

June 26, 2012

I came across the GDS Burp API, which looks like a very useful tool for parsing Burp Proxy logs. The GDS Burp API exposes a Python object interface to the requests and responses recorded by Burp. The link below gives a good introduction to the API.

http://blog.gdssecurity.com/labs/2010/8/10/constricting-the-web-the-gds-burp-api.html

I wrote a simple script that uses the API to parse the Burp proxy log and hand the recorded requests to sqlmap, so that SQL injection testing of all GET and POST parameters is automated and every URL without parameters is skipped.

1. Clone the GDSSecurity burpee repository: git clone https://github.com/GDSSecurity/burpee.git

2. Download burpSQL.py from https://github.com/milo2012/burpSQL into the burpee folder.

3. Next, configure proxy logging in Burpsuite.

4. Change the proxy settings of your browser to 127.0.0.1:8080.

5. Crawl the website with the OWASP Ajax Crawling Tool, spider it with Burpsuite, or browse it manually.

Below are the command line options for burpSQL

6. The options above are pretty self-explanatory. If your Burp proxy log is cluttered with URLs from multiple domains, you can restrict the SQL injection testing to specific domains with the --domain switch.
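To make the workflow of steps 1 to 6 concrete, here is an added example that is not the burpSQL script and does not use the GDS Burp API. It parses a simplified Burp-style proxy log (the log layout and the sample entries are assumptions I constructed for the example), keeps only the requests that carry GET or POST parameters, optionally limits them to one domain and its subdomains, and builds the sqlmap argument list for each. The sqlmap flags -u, --data and --batch are real options; the script prints the resulting commands instead of launching sqlmap.

```python
"""Added example, not the burpSQL script and not the GDS Burp API: parse a
simplified (assumed) Burp-style proxy log, keep requests that carry GET or POST
parameters, optionally limit them to one domain, and build the sqlmap argument
list for each.  The flags -u, --data and --batch are real sqlmap options; the
script prints the commands rather than launching sqlmap."""
import re
import shlex
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log.  Assumed layout per entry: '=' rule, summary line,
# '=' rule, raw request.  /about has no parameters and must be skipped.
SAMPLE_LOG = """\
======================================
10:01:02 AM  http://shop.example.test:80  [192.0.2.10]
======================================
GET /items?id=7&sort=asc HTTP/1.1
Host: shop.example.test

======================================
10:01:05 AM  http://shop.example.test:80  [192.0.2.10]
======================================
GET /about HTTP/1.1
Host: shop.example.test

======================================
10:01:09 AM  https://shop.example.test:443  [192.0.2.10]
======================================
POST /login HTTP/1.1
Host: shop.example.test
Content-Type: application/x-www-form-urlencoded

user=alice&pass=secret12
======================================
10:02:00 AM  http://cdn.example.test:80  [192.0.2.11]
======================================
GET /static/app.js?v=3 HTTP/1.1
Host: cdn.example.test

"""

RULE = re.compile(r"^=+$", re.M)
REQUEST_LINE = re.compile(r"^(GET|POST|PUT|PATCH|DELETE|HEAD|OPTIONS) (\S+) HTTP/\d\.\d$")


def parse_log(text):
    """One dict per recorded request: method, host, path, url, query, form, body."""
    entries, scheme = [], "http"
    for chunk in RULE.split(text):
        lines = [l.rstrip("\r") for l in chunk.strip("\n").split("\n")]
        m = REQUEST_LINE.match(lines[0])
        if not m:
            if "://" in lines[0]:  # summary line: remember its scheme for the next request
                scheme = lines[0].split("://")[0].split()[-1]
            continue
        method, target = m.group(1), m.group(2)
        blank = lines.index("") if "" in lines else len(lines)  # headers end at first blank line
        headers = {}
        for hl in lines[1:blank]:
            name, _, value = hl.partition(":")
            headers[name.strip().lower()] = value.strip()
        body = "\n".join(lines[blank + 1:]).strip()
        url = f"{scheme}://{headers.get('host', '')}{target}"
        parts = urlsplit(url)
        form = {}  # POST parameters are extracted only from form-encoded bodies
        if body and "application/x-www-form-urlencoded" in headers.get("content-type", ""):
            form = dict(parse_qsl(body, keep_blank_values=True))
        entries.append({"method": method, "host": parts.hostname or "", "path": parts.path,
                        "url": url, "query": dict(parse_qsl(parts.query, keep_blank_values=True)),
                        "form": form, "body": body})
    return entries


def select_targets(entries, domain=None):
    """Parameterised requests only; with domain, just that host and its subdomains."""
    return [e for e in entries
            if (e["query"] or e["form"])
            and (domain is None or e["host"] == domain or e["host"].endswith("." + domain))]


def sqlmap_argv(entry):
    """sqlmap command line for one target; --batch takes the default answer to every prompt."""
    argv = ["sqlmap", "-u", entry["url"], "--batch"]
    if entry["form"]:
        argv += ["--data", entry["body"]]
    return argv


if __name__ == "__main__":
    for target in select_targets(parse_log(SAMPLE_LOG), domain="shop.example.test"):
        print(shlex.join(sqlmap_argv(target)))  # show what would be run
```

With the sample log, the domain filter keeps the two parameterised shop.example.test requests and drops both the parameterless /about page and the cdn.example.test request; passing domain="example.test" would keep the CDN request too, because the filter matches subdomains.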

Drop me a message if you have any suggestions or comments. Thank you!

OWASP Ajax Crawling Tool (Good Companion Tool to Burpsuite)

December 26, 2011

OWASP Ajax Crawling Tool is an awesome companion to Burpsuite. It allows you to crawl Ajax websites, a feature Burpsuite lacks. Both are must-have tools for penetration testing of modern Ajax websites.

The official website for ACT is https://www.owasp.org/index.php/OWASP_AJAX_Crawling_Tool

The current version of ACT, 0.1a, seems to have trouble crawling some Ajax websites because of issues in its dependencies.

I have submitted the bugfixes to the website but it will take some time for the changes to be committed.

Below are screenshots of the crawl results before and after the patch.

Before the patch (screenshot)

After the patch (screenshot)
As shown in the screenshot, four extra links were discovered after the patch.

I have also added the ability to specify the proxy server from the command line.

Below is a temporary download link for the patched ACT, if you can't wait for the changes to be committed on the main site.

https://www.dropbox.com/s/gosq97z5vjlr09f/act-new.jar
