[sqlmap-users] Character frequency during boolean-based attacks
From: Brandon P. <bpe...@gm...> - 2015-11-16 18:28:21
The other night, I was performing a boolean-based attack. I realised that iterating from a-zA-Z0-9 as bytes to compare on the SQL server could be optimized, but only for Latin/English languages, so not sure how useful this would be.

During boolean-based blind attacks, would it be useful to use a character frequency map as opposed to iterating over each potential char serially? For instance:

https://en.wikipedia.org/wiki/Letter_frequency#Relative_frequencies_of_letters_in_the_English_language

Note that the top 5 letters in the English language are e, t, a, o, and i. Statistically speaking, bruteforcing in the order of the character frequency could greatly decrease the number of HTTP requests required to determine a given character.

However, this might be too complex/out of scope for sqlmap. Was just a thought I had.

Thoughts?

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
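The request-count claim in the message above can be checked offline. This is an added example, not code from the post or from sqlmap: an in-memory equality test stands in for each HTTP request, and the tests are counted for the serial a-zA-Z0-9 order versus a frequency order taken from the Wikipedia table the post links to. The function names and both sample strings are constructed for illustration; the hex string covers the non-English case the post's caveat mentions.

```python
import string

# Serial order described in the post: a-z, A-Z, 0-9.
SERIAL = string.ascii_lowercase + string.ascii_uppercase + string.digits

# Lowercase letters by descending English frequency (order of the linked
# Wikipedia table); upper case and digits keep their serial order (assumption).
FREQ = "etaoinshrdlcumwfgypbvkjxqz" + string.ascii_uppercase + string.digits


def count_tests(secret, order):
    """Recover `secret` one character at a time, trying candidates in `order`.

    Returns the number of equality tests used. Each test stands in for one
    boolean request/response round trip.
    """
    tests = 0

    def oracle(pos, candidate):
        nonlocal tests
        tests += 1
        return secret[pos] == candidate

    recovered = []
    for pos in range(len(secret)):
        for candidate in order:
            if oracle(pos, candidate):
                recovered.append(candidate)
                break
        else:
            raise ValueError(f"character at {pos} is outside the alphabet")
    if "".join(recovered) != secret:
        raise RuntimeError("recovery mismatch")
    return tests


def compare(secret):
    """Return (serial_tests, frequency_tests) for one secret."""
    return count_tests(secret, SERIAL), count_tests(secret, FREQ)


if __name__ == "__main__":
    # Constructed samples: an English word and a hex string (hash-like data).
    for sample in ("information", "a3f09c1e"):
        serial, freq = compare(sample)
        print(f"{sample!r}: serial={serial} frequency={freq} "
              f"({serial / len(sample):.1f} vs {freq / len(sample):.1f} per char)")
```

On the English word the frequency order needs 74 tests against 134 for the serial order; on the hex string it needs 257 against 240, so the saving depends on the data actually being English text.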