
使用BurpSuite来进行sql注入
BurpSuite之SQL Injection
[平台]:mutillidae
[工具]BurpSuite 1.4.07 + FireFox
1:安装配置mutillidae
如果遇到问题,开下面的帖子.
http://www.irongeek.com/i.php?page=mutillidae/mutillidae-deliberately-vulnerable-php-owasp-top-10
2:SQL Injection测试
选择“OWASP Top 10″ —>> ”A1 – Injection” —>> ”SQLi – Extract Data” —>> ”User Info”,如下:
进入以下界面,如图:
单引号检测Name对应表单,返回如下:
利用常见的手段进行注入,
1.order by
2.UNION
3.SELECT
….
关于如何手动注入,在此略过.
废话了半天,下面直接看Burp Suite的应用.
如果想要熟悉Burp Suite的使用,一定要搞清楚它的几种检测模式.
假设有下面字典,利用上面四种方式,分别完成测试:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
username ——-password user002 ——– pwd002 user003 ——– pwd003 user002 ——– pwd002 sniper ——payload 数为1 ----- username/password -------- sniper 测试过程【%username%---表示测试变量,也就是字典值】 -----%username%/password -----username/%password% user001 ------- password user002 ------- password user003 ------- password .... username ---- user001 username ---- user002 username ---- user003 .... battering ram ———–payload 数为1 ------username/password ------- battering ram 测试 ------%username%=%password%---->%username%/%password% user001 ------- user001 user002 ------- user002 user003 ------- user003 pitchfork -----username/password ------- pitchfork 测试 user001 -------- pwd001 user002 -------- pwd002 user003 -------- pwd003 ... ---------------- ....<span style="background-color:white;"> </span> cluster bomb -------username/password ---------- cluster bomb 测试 |
============================================================
如果还是意犹未尽,www.91ri.org 建议大家去Youtube上看一下关于mutillidae的系列视频,个人觉得那套教程很详细的介绍了Burp Suite的使用.在此仅列出一部分:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
mutillidae-finding-comments-and-file-metadata-using-multiple-techniques mutillidae-demo-usage-of-burp-suite-comparer-tool mutillidae-brute-force-page-names-using-burp-intruder-sniper mutillidae-using-burp-intruder-sniper-to-fuzz-parameters mutillidae-how-to-install-and-configure-burp-suite-with-firefox mutillidae-basics-of-web-request-and-response-interception-using-burp-suite mutillidae-three-methods-for-viewing-http-request-and-response-headers mutillidae-basics-of-burp-suite-targets-tab-and-scope-settings mutillidae-how-to-bypass-maxlength-restrictions-on-html-input-fields mutillidae-manual-directory-browsing-to-reveal-mutillidae-easter-egg-file mutillidae-two-methods-to-bypass-javascript-validation mutillidae-basics-of-sql-injection-timing-attacks mutillidae-how-to-exploit-local-file-inclusion-vulnerability-using-burp-suite mutillidae-analyze-session-token-randomness-using-burp-suite-sequencer mutillidae-use-burp-suite-sequencer-to-compare-mutillidae-csrf-token-strengths mutillidae-spidering-web-applications-with-burp-suite mutillidae-bypass-authentication-using-sql-injection |
参考:http://www.freebuf.com/articles/5560.html
小结:
本文以Intruder的Sniper模式进行实例说明,介绍Burp Suite Intruder功能下singer,battering ram,pitchfork,cluster bomb.是怎么运作的.