[sqlmap-users] Feature Suggestion: Live keyboard input
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] Feature Suggestion: Live keyboard input
|
From: Eric H <eri...@gm...> - 2009-11-06 17:24:06
|
I'm not terribly experienced with Python or I'd implement this myself - it seems like it would be very simple. During brute-force blind SQL injection (while enumerating a single character at a time), I frequently know what the DB/table/column name is within the first 3 or 4 characters or have a pretty good idea what the next character is. During that input loop, if the program were simply to accept keyboard input, tag that character and immediately try that specific character on the next iteration... It would double or triple the speed I could enumerate table values WHILE decreasing the load on the server during testing. Relying on the good old fashioned human pattern matching is a low-tech solution, but seems to have a high reward for a small amount of work. I'll eat my shoe if this feature is already implemented and I just missed it. Thanks! Eric |
