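#!/usr/bin/python
"""burpSQL.py: feed requests recorded in a Burp proxy log to sqlmap.

The log named by -f/--file is parsed with gds.pub.burp.parse().  For every
GET request whose path contains a query string, and every POST request with
a non-empty body, sqlmap (at ``sqlmapPath``) is started once with the
request's URL, cookie and, where applicable, body.

Security notes for operators:

* Host, path, body and Cookie values come from captured traffic, so the
  remote site can influence them.  They are handed to sqlmap as separate
  argv entries and never pass through a shell, so quotes, ``$`` or
  backticks inside them cannot run commands on the tester's machine and
  are not rewritten by shell expansion.
* The command echoed before each run contains the session cookie, and the
  cookie is also visible in the local process list while sqlmap runs.
  Treat terminal scrollback and shared hosts accordingly.
* Without --domain every host found in the log is tested; the --domain
  filter is a substring match, not an exact host comparison.
"""
import gds.pub.burp
import os
import sys
from optparse import OptionParser
from pprint import pprint
import subprocess
import signal

try:
    from shlex import quote as shell_quote
except ImportError:  # Python 2 ships the same helper in pipes
    from pipes import quote as shell_quote

sqlmapPath = "/pentest/database/sqlmap/sqlmap.py"

# Request bodies already handed to sqlmap, mapped to the cookie used.
urls = {}

# Restore default SIGPIPE handling so the `yes` feeder stops when sqlmap exits.
signal.signal(signal.SIGPIPE, signal.SIG_DFL)


def build_sqlmap_argv(url, cookie, dbms=None, data=None):
    """Return the sqlmap command as an argument list (no shell involved).

    Every value is attached to its own option (``--opt=value``), so a value
    that starts with ``-`` cannot be read as a separate option.
    """
    argv = ["/usr/bin/python", sqlmapPath, "--url=" + url]
    if dbms is not None:
        argv.append("--dbms=" + dbms)
    argv.extend(["--threads", "4", "--beep"])
    if data is not None:
        argv.append("--data=" + data)
    # NOTE(review): presumably get_request_header() returns None when the
    # request had no Cookie header; the option is left out in that case
    # instead of failing on string concatenation. Confirm against gds.pub.burp.
    if cookie:
        argv.append("--cookie=" + cookie)
    return argv


def run_sqlmap(argv, answer_yes):
    """Echo the command, run it, and return sqlmap's exit status.

    With ``answer_yes`` the output of ``yes`` is connected to sqlmap's
    stdin, which is what the former ``yes | ...`` shell pipeline did.
    """
    shown = " ".join(shell_quote(part) for part in argv)
    if answer_yes:
        shown = "yes | " + shown
    # The echoed line includes the cookie value; see the module docstring.
    print(shown)

    if not answer_yes:
        return subprocess.call(argv)

    feeder = subprocess.Popen(["yes"], stdout=subprocess.PIPE)
    try:
        return subprocess.call(argv, stdin=feeder.stdout)
    finally:
        feeder.stdout.close()
        if feeder.poll() is None:
            feeder.terminate()
        feeder.wait()


parser = OptionParser()
parser.add_option("-f", "--file", dest="filename",
                  help="Burp proxy logfile", metavar="burpProxyFile")
parser.add_option("-c", "--cookie", dest="cookie",
                  help="Cookie to use", metavar="cookieString")
parser.add_option("-d", "--dbms", dest="dbms",
                  help="Backend database", metavar="database")
parser.add_option("--domain", dest="domain",
                  help="Domain name", metavar="domainName")
parser.add_option("-a", "--auto",
                  action="store_true", dest="auto", default=False,
                  help="Answer 'Yes' to all sqlmap questions")

(options, args) = parser.parse_args()

if options.filename is None:
    # The long option is --file; the old message named a flag that does not exist.
    print("[!] Please use -f or --file and select a burp proxy file")
    sys.exit(1)  # non-zero so wrappers can tell the run did not happen

# Fail early with a readable message if the log cannot be opened.
try:
    with open(options.filename) as f:
        pass
except IOError as e:
    print('[!] Problem opening burp proxy logfile: ' + str(e))
    sys.exit(1)

# NOTE(review): the nesting of the branches below was reconstructed from a
# listing that had lost its indentation; confirm against the original file.
proxylog = gds.pub.burp.parse(options.filename)
for i in proxylog:
    method = i.get_request_method()
    if method not in ('GET', 'POST'):
        continue

    # Scope filter: substring match on the host, so "example.com" also
    # selects hosts such as "example.com.other.tld".
    if options.domain is not None:
        if str(options.domain.lower()) not in str(i.host.lower()):
            continue

    path = i.get_request_path()
    if method == 'GET' and "?" not in path:
        continue  # GET requests without a query string are not tested

    if options.cookie is None:
        cookie = i.get_request_header('Cookie')
    else:
        cookie = options.cookie

    url = i.host + path
    body = i.get_request_body()

    if len(body) > 0:
        # Each distinct body is tested once per run.
        if body in urls:
            continue
        urls[body] = cookie
        if method == 'GET' and options.domain is None:
            # NOTE(review): the original passed --data for GET bodies only
            # when --domain was given; that difference is kept as-is here.
            data = None
        else:
            data = body
    elif method == 'GET':
        data = None
    else:
        continue  # POST without a body: nothing to test

    run_sqlmap(build_sqlmap_argv(url, cookie, options.dbms, data), options.auto)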