HTTP Proxy for using sqlmap against websockets
Project description
sqlmap Websocket Proxy
💉Tool to enable blind sql injection attacks against websockets using sqlmap
Heavily based on an excellent writeup from Rayhan Ahmed: Automating Blind SQL injection over WebSocket
Example
sqlmap-websocket-proxy -u ws://sketcy.lol:1337 -p '{"id": "%param%"}'
python3 sqlmap.py -u http://localhost:8080/?param1=1
Usage
usage: sqlmap-websocket-proxy [-h] -u URL -d DATA [-p PORT]
options:
-h, --help show this help message and exit
-u URL, --url URL URL to the websocket (example: ws://vuln_server:1337/ws)
-d DATA, --data DATA Paylod with injectable fields encoded as '%param%' (example: {"id": "%param%"})
-p PORT, --port PORT Proxy Port (default: 8080)
Installation
PyPI
python3 -m pip install sqlmap-websocket-proxy
Manual
python3 -m pip install sqlmap_websocket_proxy-1.1.0-py3-none-any.whl
Git
python3 -m pip install .
Demo
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Close
Hashes for sqlmap-websocket-proxy-1.1.0.tar.gz
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 0b9fdbaf54bc7abd985b07a9a5a6e57c5b91900ee21071e1fdad4fd0dbf5d722 |
|
| MD5 | 91396b26714c16f0eb90a97644ba7bf5 |
|
| BLAKE2b-256 | 903400f4f85d4168d23f74a7777d11da7402624ddf4b2771bb9e87e98c5b9bac |
Close
Hashes for sqlmap_websocket_proxy-1.1.0-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 902f4ab2b72f4cc19de66a3047e7debe820fdd5f34d05f0491dab717078b3144 |
|
| MD5 | d776af035678aebb9f7477b34f46270c |
|
| BLAKE2b-256 | 01e1243dcda2ee9fec9b9fb33f60ca52504b151ca9634090dd1ae8a66d684797 |
