From title you might think that its a useless piece of code.But let me tell you its not.I dint write this to timepass.A a pretty much good automated SQLi tool called Havij(Hope you guys are already familiar with) forced me to write this. Not exactly but its a kind of an external plugin for the tool Havij(Free Version).
Havij is an automated SQL Injection tool.No doubt its a great tool for doing automated SQL injection.But one problem with this tool is its not fully free! :(
The free version also has many great features but one problem I have faced while using this free version that is,it does not allows users to scan/run database enumeration on sites which uses SSL (https://) :(
So to overcome this limitation I have decided to write a proxy for it. But this proxy is not like most common http proxies. This proxy can be used to scan a ssl enabled site using Free Version of Havij.
Suppose you wanna try SQLi on "https://www.target.com/search.php?name=debasish" using Havij.So when you try to fire a scan using Havij you get an error like
"Havij Free does not allow https://".blah blah ....
So to overcome this limitation what you have to do is :
1. Configure your Havij Free to use a http proxy 127.0.0.1:8080 while scanning.
2. Run this python script.(It will start a proxy server on port 127.0.0.1:8080)
3. In the target field of Havij instead of entering "https://www.target.com.search.php?name=debasish" you need to add "http://www.target.com/search.php?name=debasish".So when you start scanning through havij the proxy script will do following:
3.1. Take plain http request(SQLi request) from Havij.2
3.2. Create a SSL connection to target.3
3.3. Forward the same request received from Havij to target server.
3.4. After receiving the response from server through secure shell it will feed the response to Havij.
This proxy is not suitable for web browsing. You will face some problems. Normal request/response generally used for SQLi it can handle. But one bad thing about this script is,it will make the speed of you SQLi process bit slower. It has the ability to handle gzip compressed response.
So here is the code: Enjoy SQLi on SSL sites using Havij Free!I dint test it much, so let me know if it is not working properly.
looks interesting...will try..thanks for sharing debasish..:)ReplyDelete
Working almost fine but bit slower than normal and some times its showing this error in console!ReplyDelete
Exception happened during processing of request from ('127.0.0.1', 56329)
Traceback (most recent call last):
File "/usr/lib/python2.7/SocketServer.py", line 284, in _handle_request_noblock
File "/usr/lib/python2.7/SocketServer.py", line 310, in process_request
File "/usr/lib/python2.7/SocketServer.py", line 323, in finish_request
self.RequestHandlerClass(request, client_address, self)
File "/usr/lib/python2.7/SocketServer.py", line 639, in __init__
File "havij-proxy.py", line 62, in handle
File "/usr/lib/python2.7/socket.py", line 224, in meth
error: [Errno 32] Broken pipe
Any way thanks for sharing!
thanks for your feedback! I will dfntly chk it n update the script if i can reproduce the issue with this script!Delete
I have a best way to open any site just enter your site which is blocked in your location and click itReplyDelete
Fenopy UK proxy
Digitized items can cross the fringe continuously, shoppers can shop 24 hours every day, seven days seven days, and firms are progressively looked with universal online competition. prywatnoscwsieciReplyDelete
nice information.please visit our website to know about advance pythan courses.ReplyDelete
Awesome article! I want people to know just how good this information is in your article. It’s interesting, compelling content. Your views are much like my own concerning this subject. 1337xReplyDelete
Wow, What an Outstanding post. I found this too much informatics. It is what I was seeking for. I would like to recommend you that please keep sharing such type of info.If possible, Thanks. 1337xReplyDelete
A Proxy is a central machine on the network that allows other machines in that network to use a shared Internet connection. torrentz2ReplyDelete
I wanted to thank you for this great read!! I definitely enjoying every little bit of it I have you bookmarked to check out new stuff you post. this linkReplyDelete
Once again with the changes within Google we have had a wave of devastating forecasts from the scare mongers and doom and gloom merchants predicting the end of internet marketing and the inability of making any internet income. It seems every few months over the last decade someone else comes to the fore carrying the banner of the deprived internet marketer proclaiming that some particular method of making money online is dead or dying. KickassTorrents proxyReplyDelete
The Uttarakhand Board will release the UK Board tenth model paper 2020-21 at the side of the question papers quickly on its authentic internet site. Students could be capable of download the Uttarakhand Board Class 10 question papers UBSE 10th Question Paper 2021 As quickly as they may be launched, students who can be acting for UK Board Class 10 examinations should guide them as them in getting familiarised with the UK tenth exam pattern in a higher manner.ReplyDelete
온라인카지노사이트 Thanks for sharing your info. I really appreciate your efforts and I will be waiting for your further write.ReplyDelete
Thanks for sharing !
바카라사이트 these websites are really needed, you can learn a lot.ReplyDelete
토토사이트 his article is very effective and valuable. I am very glad to read your blog. I hope you will soon share your next post about this discussion. Thanks for sharing and keep sharingReplyDelete
토토 Thanks for every other great article. The place else could anybody get that kind of information in such an ideal approach of writing?ReplyDelete
I've a presentation subsequent week, and I am on the search for such information.
We are fans of Pokemon Go game and thought to help the community. Pokemon Go Friends Codes helps Pokemon Go trainers to find and add each other with ease.ReplyDelete
pokemon go trainer codes list
Best Content Website thanks for this...!!!!ReplyDelete
you are try to do some best of peoples...!!!!
i WILL share the content with my friends....
once again thanku so much..... >>>>>>>>>
What are IXICA Services?
Canadian facilities based CLEC
with coast to coast coverage, delivering
SIP Trunking, Cloud PBX & Dedicated Fibre Solutions
Click link More information >>>>>>
shaw cable business support
This was an outstanding blog post. I loved it. I’ll be back to read more. Thanks !ReplyDelete
my web page;온라인슬롯
check this outReplyDelete
I have been looking for articles on these topics for a long time. 카지노사이트 I don't know how grateful you are for posting on this topic. Thank you for the numerous articles on this site, I will subscribe to those links in my bookmarks and visit them often. Have a nice day.ReplyDelete
nclex study guideReplyDelete
That's what makes you the best. You should keep publishing more articles and you will Such Become One of the best writers ever
I admire what you have done here. I love the part where you say you are doing this to give back but I would assume by all the comments that is working for you as well. Do you have any more info on this?ReplyDelete
flyer design service
Extremely decent blog and articles. I am realy extremely glad to visit your blog. Presently I am discovered which I really need. I check your blog regular and attempt to take in something from your blog. Much obliged to you and sitting tight for your new post.메이저사이트모음ReplyDelete
Best American Healthcare University offers CNA certification training classes Online.Nurse Assistant classes Inland Empire, CAReplyDelete
I am a 슬롯사이트 expert. I've read a lot of articles, but I'm the first person to understand as well as you. I leave a post for the first time. It's great!!ReplyDelete
Vicky Agami Street: MORELOS NO. 421, BARRIO DE ANALCO, 34128 City: Durango State/province/area: Durango Phone number 618.813-8985 Zip code 34128 Country calling code +52 Country MéxicoReplyDelete
VISIT OUR WEBSITE.ReplyDelete
VISIT HERE .www.randompokemons.comReplyDelete
Visit Our WebsiteReplyDelete
Your post is very helpful and information is reliable. I am satisfied with your post. Thank you so much for sharing this wonderful post. If you have any assignment requirement then you are at the right place. 메이저사이트ReplyDelete