Re: [sqlmap-users] Character frequency during boolean-based attacks
From: Miroslav S. <mir...@gm...> - 2015-11-16 18:54:07
Please run with -v 3 to see what sqlmap does. It doesn't iterate serially for all characters. It uses binary search. On average it requires cca. 5-6 requests per char.

Bye

On Nov 16, 2015 7:28 PM, "Brandon Perry" <bpe...@gm...> wrote:

> The other night, I was performing a boolean-based attack. I realised that
> iterating from a-zA-Z0-9 as bytes to compare on the SQL server could be
> optimized, but only for Latin/English languages, so not sure how useful
> this would be.
>
> During boolean-based blind attacks, would it be useful to use a character
> frequency map as opposed to iterating over each potential char serially?
>
> For instance:
>
> https://en.wikipedia.org/wiki/Letter_frequency#Relative_frequencies_of_letters_in_the_English_language
>
> Note that the top 5 letters in the English language are e, t, a, o, and i.
> Statistically speaking, bruteforcing in the order of the character
> frequency could greatly decrease the number of HTTP requests required to
> determine a given character.
>
> However, this might be too complex/out of scope for sqlmap. Was just a
> thought I had. Thoughts?
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
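Added example (not part of either message, and not sqlmap's code): a local simulation that counts the true/false questions needed per character under the two strategies discussed in this thread, frequency-ordered serial guessing and bisection, over the a-zA-Z0-9 set. The frequency order, the function names and the sample strings are assumptions constructed for illustration; nothing is sent anywhere.

```python
import string

# Assumption: approximate English letter order by descending frequency,
# then digits and uppercase, covering the a-zA-Z0-9 set from the thread.
FREQ_ORDER = "etaoinshrdlcumwfgypbvkjxqz" + string.digits + string.ascii_uppercase
SORTED_SET = sorted(FREQ_ORDER)  # byte order: 0-9, A-Z, a-z


def serial_requests(ch):
    """Equality questions asked when candidates are tried in FREQ_ORDER."""
    return FREQ_ORDER.index(ch) + 1


def bisect_requests(ch):
    """Greater-than questions asked when halving the sorted candidate set."""
    lo, hi, asked = 0, len(SORTED_SET) - 1, 0
    while lo < hi:
        mid = (lo + hi) // 2
        asked += 1
        if ch > SORTED_SET[mid]:  # local stand-in for the true/false answer
            lo = mid + 1
        else:
            hi = mid
    return asked


def total(strategy, text):
    """Sum of questions a strategy needs for every character of text."""
    return sum(strategy(c) for c in text)


if __name__ == "__main__":
    # Constructed sample values: one English-like word, one random-looking token.
    for sample in ("administrator", "Xk29Qz7B"):
        s, b = total(serial_requests, sample), total(bisect_requests, sample)
        print(f"{sample!r}: serial={s} ({s / len(sample):.1f}/char), "
              f"bisect={b} ({b / len(sample):.1f}/char)")
```

On the English-like word the two strategies are nearly equal (79 against 78 questions), while on the random-looking token frequency ordering needs 298 against 47. Bisection never exceeds 6 questions per character for this 62-symbol set.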