Posted on by Mahesh Balan

BBQSQL – Blind SQL Injection Framework

BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

BBQSQL - Blind SQL Injection Framework

Blind SQL injection can be a pain to exploit. When the available tools work they work well, but when they don’t you have to write something custom. This is time-consuming and tedious. BBQSQL can help you address those issues.

Features

The most important thing to note about BBQSQL is that it doesn’t care about the data or database, whilst most SQL Injection tools are built with specific databases or languages in mind.

  • Exploits Blind SQL Injection Vulnerabilities
  • Semi-Automatic
  • Database Agnostic
  • Versatile
  • Utilises Two Search Techniques (binary_search & frequency_search)
  • Concurrent HTTP requests
  • Config Import/Export
  • Custom Hooks
  • Fast

Usage

Similar to other SQL Injection tools you must provide certain request information for the tool to work, for BBSQL this is:

  • URL
  • HTTP Method
  • Headers
  • Cookies
  • Encoding methods
  • Redirect behavior
  • Files
  • HTTP Auth
  • Proxies

Then specify where the injection is going and what syntax we are injecting.

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

root@darknet:~# bbqsql

    _______   _______    ______    ______    ______   __      

   |       \ |       \  /      \  /      \  /      \ |  \      

   | $$$$$$$\| $$$$$$$\|  $$$$$$\|  $$$$$$\|  $$$$$$\| $$      

   | $$__/ $$| $$__/ $$| $$  | $$| $$___\$$| $$  | $$| $$      

   | $$    $$| $$    $$| $$  | $$ \$$    \ | $$  | $$| $$      

   | $$$$$$$\| $$$$$$$\| $$ _| $$ _\$$$$$$\| $$ _| $$| $$      

   | $$__/ $$| $$__/ $$| $$/ \ $$|  \__| $$| $$/ \ $$| $$_____

   | $$    $$| $$    $$ \$$ $$ $$ \$$    $$ \$$ $$ $$| $$     \

    \$$$$$$$  \$$$$$$$   \$$$$$$\  \$$$$$$   \$$$$$$\ \$$$$$$$$

                     \$$$                \$$$

 

                   _.()._

                .‘         ‘.

               / ‘or ‘1‘=’1  \

               |‘-…___…-‘|

                \    ‘=’    /

                 `‘._____.’`

                  /   |   \

                 /.‘|’.\

              []/‘-.__|__.-‘\[]

                      |

                     []

 

    BBQSQL injection toolkit (bbqsql)        

    Lead Development: Ben Toews(mastahyeti)        

    Development: Scott Behrens(arbit)        

    Menu modified from code for Social Engineering Toolkit (SET) by: David Kennedy (ReL1K)    

    SET is located at: https://https://ift.tt/2d5nDTV

    Version: 1.0              

    

    The 5 Ss of BBQ:

    Sauce, Spice, Smoke, Sizzle, and SQLi

    

 

 

Select from the menu:

 

   1) Setup HTTP Parameters

   2) Setup BBQSQL Options

   3) Export Config

   4) Import Config

   5) Run Exploit

   6) Help, Credits, and About

 

  99) Exit the bbqsql injection toolkit

 

bbqsql>

HTTP Parameters

BBQSQL has many https parameters you can configure when setting up your attack. At a minimum you must provide the URL, where you want the injection query to run, and the method. The following options can be set:

  • files
  • headers
  • cookies
  • url
  • allow_redirects
  • proxies
  • data
  • method
  • auth

You specify where you want the injection query to be inserted by using the template ${injection}. Without the injection template the tool wont know where to insert the query.

You can download BBQSQL here:

bbqsql-v1.1.zip

Or read more here.

via https://ift.tt/2d5meg6