What is SQLMAP?
SQLMAP is a powerful open-source penetration testing tool designed to automate the process of detecting and exploiting SQL injection vulnerabilities in web applications. SQL injection attacks remain one of the most common web application vulnerabilities that can be exploited by malicious hackers to gain unauthorized access to sensitive data or take over a vulnerable system.
SQLMAP with BURP SUITE
Integrating SQLMAP with Burp Suite can enhance the capabilities of both tools and allow security researchers to conduct more efficient and effective penetration testing. In this article, we will explore what SQLMAP is and how to use it with Burp Suite.
Firstly, let’s look at SQLMAP. SQLMAP is a command-line tool that can be used to identify and exploit SQL injection vulnerabilities in web applications. It automates the process of detecting SQL injection vulnerabilities, enumerating database schemas, and extracting sensitive data such as usernames and passwords. SQLMAP supports various database management systems including MySQL, Oracle, Microsoft SQL Server, and PostgreSQL.
Identifying Target with SQLMAP
To use SQLMAP, the first step is to identify a target web application that is vulnerable to SQL injection attacks. Once the target is identified, the next step is to determine the injection point within the web application. SQLMAP supports various injection techniques such as error-based, time-based, and boolean-based injection. The tool can also detect and bypass web application firewall (WAF) protections such as mod_security.
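The three technique families named above differ only in the signal that is read back from the application (a database error message, a true/false difference in the page, or a delay); all of them exist because the application concatenates untrusted input into the query text. The following Python example is added here and is not part of the original article or of SQLMAP itself. It uses an in-memory SQLite database with constructed sample rows and hypothetical function names (build_db, lookup_vulnerable, lookup_safe) to place a vulnerable lookup beside its parameterized form, so that the error-based and boolean-based signals a scanner looks for are visible in the first and absent from the second.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data: a tiny users table standing in for the web app's backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (id, username, role) VALUES (?, ?, ?)",
        [(1, "alice", "user"), (2, "bob", "user"), (3, "admin", "admin")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, raw_id: str) -> dict:
    """Hypothetical handler for /index.php?id=... written the way SQLMAP expects to find it:
    the request parameter is pasted straight into the SQL text.
    Returns the rows found and, on failure, the raw driver error (the error-based signal)."""
    sql = f"SELECT id, username, role FROM users WHERE id = {raw_id}"
    try:
        return {"rows": conn.execute(sql).fetchall(), "error": None}
    except sqlite3.Error as exc:
        # Echoing the driver's message to the client is exactly what error-based detection reads.
        return {"rows": [], "error": str(exc)}


def lookup_safe(conn: sqlite3.Connection, raw_id: str) -> dict:
    """Hardened handler: validate the type first, then bind the value as a query parameter.
    The input can never become SQL syntax, and database errors are not echoed back."""
    if not raw_id.isdigit():
        return {"rows": [], "error": "invalid id"}
    sql = "SELECT id, username, role FROM users WHERE id = ?"
    try:
        return {"rows": conn.execute(sql, (int(raw_id),)).fetchall(), "error": None}
    except sqlite3.Error:
        return {"rows": [], "error": "internal error"}  # generic message, nothing to read


if __name__ == "__main__":
    db = build_db()
    # Constructed probe values of the kind a scanner sends to tell the two handlers apart:
    # a normal id, a boolean-based pair, and a malformed value that provokes an error.
    for probe in ["1", "1 AND 1=1", "1 AND 1=2", "1'"]:
        print(f"{probe!r:14} vulnerable: {lookup_vulnerable(db, probe)}")
        print(f"{probe!r:14} safe:       {lookup_safe(db, probe)}")
```

The boolean-based signal is the difference between "1 AND 1=1" (one row) and "1 AND 1=2" (no rows) from the vulnerable handler; the safe handler rejects both before any SQL runs, and even if a validation step were missing, the bound parameter would be compared as a value rather than parsed as syntax.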
Now let’s explore how to integrate SQLMAP with Burp Suite. Burp Suite is a popular web application security testing tool that allows security researchers to intercept and modify web traffic, discover vulnerabilities, and perform manual and automated penetration testing. By integrating SQLMAP with Burp Suite, security researchers can automate the process of identifying SQL injection vulnerabilities and extracting sensitive data.
Intercepting with Burp Suite
To use SQLMAP with Burp Suite, the first step is to intercept a request containing a SQL injection vulnerability and hand it to SQLMAP. This can be done by using Burp Suite's proxy feature to intercept the request and forward it to SQLMAP. Once the request is forwarded to SQLMAP, the tool will automatically identify the injection point and start enumerating the database schema.
SQLMAP also supports various options and switches that can be used to customize the enumeration process. For example, the --dbs switch enumerates the names of all the databases on the vulnerable system, while the --dump switch extracts data from a specific database and table.
In conclusion, SQLMAP is a powerful tool for identifying and exploiting SQL injection vulnerabilities in web applications. By integrating SQLMAP with Burp Suite, security researchers can automate the process of identifying vulnerabilities and extracting sensitive data. When using SQLMAP with Burp Suite, it is important to carefully review the tool's options and switches and to use it responsibly and ethically.
Command-line structure of SQLMAP
- Target URL: The target URL is the web application that is being tested for SQL injection vulnerabilities. It can be specified using the -u or --url switch.
- Request file: If the target URL is not accessible or the web application requires authentication, the HTTP request can be saved in a file and used as input for SQLMAP. The file is specified using the -r switch.
- Database management system: SQLMAP supports various database management systems such as MySQL, Oracle, Microsoft SQL Server, and PostgreSQL. The database management system can be specified using the --dbms switch.
- Injection point: The injection point is the location in the web application where the SQL injection vulnerability is present. SQLMAP supports various injection techniques such as error-based, time-based, and boolean-based injection. The parameter to test can be specified using the -p switch.
- Enumeration: Once SQLMAP identifies the injection point, it can enumerate the database schema, tables, and columns. The enumeration can be customized using various switches such as --dbs, --tables, and --columns.
- Data extraction: SQLMAP can extract data from the database once the schema, tables, and columns are enumerated. Data extraction can be customized using switches such as --dump-all, --dump, and --search.
- WAF bypass: SQLMAP can also bypass web application firewall (WAF) protections such as mod_security. Tamper scripts for this are specified using the --tamper switch.
- Advanced options: SQLMAP also supports various advanced options and switches such as --level, --risk, --random-agent, and --proxy. These options can be used to customize the penetration testing process and enhance the efficiency of the tool.
Example of SQLMAP Command
sqlmap -u "http://example.com/index.php?id=1" --dbs --batch --random-agent
This command scans the URL "http://example.com/index.php?id=1" for SQL injection vulnerabilities, enumerates the names of all databases, and uses a random user agent for the HTTP requests.
The -u or --url switch specifies the URL to be scanned for vulnerabilities. In this case, the URL is "http://example.com/index.php?id=1".
The --dbs switch is used to enumerate the names of all databases on the vulnerable system. This switch instructs SQLMAP to extract information about the databases present on the web server.
The --batch switch runs SQLMAP in batch mode, which means that the tool will not prompt the user for confirmation before executing any command. This switch is useful when automating the SQL injection testing process.
The --random-agent switch instructs SQLMAP to use a random user agent for HTTP requests. This can help to bypass some basic security checks that may be in place to detect automated tools.
Overall, this command is a powerful example of how SQLMAP can be used to automate the process of identifying SQL injection vulnerabilities and extracting sensitive data from a web application. By specifying the target URL and various switches such as --dbs, --batch, and --random-agent, security researchers can quickly and efficiently conduct penetration testing and identify vulnerabilities.
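The --random-agent switch described above defeats the simplest detection, which only looks for SQLMAP's default User-Agent string. The payloads themselves still have to reach the application, so a defender who decodes the query string and looks for the shapes that error-, boolean- and time-based probes leave behind will see the scan regardless of the User-Agent sent. The following Python example is added here and is not part of the original article or of SQLMAP. It runs that check over a few constructed access-log lines in Apache/nginx "combined" format; the log lines, IP addresses, the sqlmap-style User-Agent value and the function names (analyze_line, flag_suspicious, per_source) are all constructed for this example, and the pattern list is deliberately coarse rather than a complete signature set.

```python
import re
from collections import Counter
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Constructed sample log in "combined" format. Only the second line carries a
# scanner User-Agent; the third and fourth mimic what --random-agent produces.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [10/Oct/2023:13:55:37 +0000] "GET /index.php?id=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "sqlmap/1.7 (https://sqlmap.org)"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "GET /index.php?id=1%27%20AND%20SLEEP%285%29-- HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
203.0.113.5 - - [10/Oct/2023:13:55:39 +0000] "GET /index.php?id=-1%20UNION%20SELECT%201%2C2%2C3 HTTP/1.1" 500 230 "-" "Mozilla/5.0 (Macintosh)"
198.51.100.7 - - [10/Oct/2023:13:56:01 +0000] "GET /search.php?q=union+station HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (iPhone)"
"""

# Loose parser for the combined log format: client, timestamp, request line, status, referer, UA.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shapes left in a parameter value by union-, boolean-, time- and comment-terminated probes.
# Coarse on purpose: tune against your own application's legitimate inputs.
PAYLOAD_RES = [
    re.compile(r"\bUNION\b.{0,40}\bSELECT\b", re.I),
    re.compile(r"\b(AND|OR)\b\s*\(?\s*\d+\s*=\s*\d+", re.I),
    re.compile(r"\b(SLEEP|BENCHMARK|PG_SLEEP|WAITFOR)\b", re.I),
    re.compile(r"['\"]\s*(--|#|/\*)"),
]


def analyze_line(line: str) -> Optional[dict]:
    """Parse one log line and return the request with the reasons it looks like a SQLi probe."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = m.group("target")
    # parse_qsl percent-decodes values and turns '+' into spaces, so encoded payloads are visible.
    values = [v for _, v in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    reasons = []
    if "sqlmap" in m.group("ua").lower():
        reasons.append("default sqlmap user-agent")  # weak on its own: --random-agent removes it
    for v in values:
        for rx in PAYLOAD_RES:
            if rx.search(v):
                reasons.append(f"payload pattern {rx.pattern!r} in {v!r}")
                break
    return {"ip": m.group("ip"), "target": target, "status": m.group("status"),
            "ua": m.group("ua"), "reasons": reasons}


def flag_suspicious(log_text: str) -> list:
    """Return only the parsed requests that triggered at least one reason."""
    hits = []
    for line in log_text.splitlines():
        entry = analyze_line(line)
        if entry and entry["reasons"]:
            hits.append(entry)
    return hits


def per_source(hits: list) -> dict:
    """Count flagged requests per client address; a burst from one source is the scanner."""
    return dict(Counter(h["ip"] for h in hits))


if __name__ == "__main__":
    for h in flag_suspicious(SAMPLE_LOG):
        print(h["ip"], h["status"], h["target"])
        for r in h["reasons"]:
            print("   ", r)
    print(per_source(flag_suspicious(SAMPLE_LOG)))
```

Three of the five constructed lines are flagged, and two of those carry an ordinary browser User-Agent, which is the point: the User-Agent check contributes one reason on one line, while the decoded parameter values catch all three. The plain "union station" search is not flagged because the UNION pattern requires a following SELECT.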
Example SQLMAP command to check for vulnerability
sqlmap -u "http://www.example.com/vulnerable_page.php?id=1" --level 5 --risk 3 --batch --dump-all
In this command, the -u switch is used to specify the vulnerable page URL, which is "http://www.example.com/vulnerable_page.php?id=1". This URL contains a vulnerable parameter "id" which is susceptible to SQL injection.
The --level and --risk switches are used to specify the aggressiveness of the SQL injection test. In this case, the level is set to 5 and risk is set to 3, which means that SQLMAP will use the most advanced SQL injection techniques to exploit the vulnerability. This can help to uncover more complex vulnerabilities and retrieve more sensitive data.
The --batch switch is used to run SQLMAP in batch mode. This means that SQLMAP will not prompt the user for confirmation before executing any commands. This switch is useful when automating the SQL injection testing process.
Finally, the --dump-all switch is used to dump all the data from the database. This includes sensitive information such as usernames, passwords, and credit card details. This switch instructs SQLMAP to extract all available data from the database that is accessible through the vulnerable page.
Overall, this command is a powerful example of how SQLMAP can be used to conduct an aggressive and comprehensive SQL injection test on a vulnerable web page. By specifying the URL and various switches such as --level, --risk, --batch, and --dump-all, security researchers can quickly and efficiently identify vulnerabilities and extract sensitive data. However, it is important to note that using SQLMAP to attack websites without proper authorization is illegal and can result in severe consequences. It is crucial to always obtain proper authorization and follow ethical hacking guidelines when conducting security tests on web applications.
Official Sources
Burp Suite Source: https://portswigger.net/burp/communitydownload
SQLMAP: https://sqlmap.org/