sqlmap Websocket Proxy
💉Tool to enable blind sql injection attacks against websockets using sqlmap
Heavily based on an excellent writeup from Rayhan Ahmed: Automating Blind SQL injection over WebSocket
Example
sqlmap-websocket-proxy -u ws://sketcy.lol:1337 -p '{"id": "%param%"}'
python3 sqlmap.py -u http://localhost:8080/?param1=1
Usage
usage: sqlmap-websocket-proxy [-h] -u URL -d DATA [-p PORT]
options:
-h, --help show this help message and exit
-u URL, --url URL URL to the websocket (example: ws://vuln_server:1337/ws)
-d DATA, --data DATA Paylod with injectable fields encoded as '%param%' (example: {"id": "%param%"})
-p PORT, --port PORT Proxy Port (default: 8080)Installation
PyPI
python3 -m pip install sqlmap-websocket-proxyManual
python3 -m pip install sqlmap_websocket_proxy-1.1.0-py3-none-any.whlGit
python3 -m pip install .
