Find out if we can use https://github.com/client9/libinjection to detect SQLi
from tanner.
I get an error when trying to use libinjection with Python 3. I used these docs and get the following error:
```text
Traceback (most recent call last):
File "/home/afeena/draft/sqli.py", line 4, in <module>
s = sqli_state()
NameError: name 'sqli_state' is not defined
```
I have the module in `/usr/local/lib/python3.5/dist-packages/libinjection-3.9.1-py3.5-linux-x86_64.egg`; I can import the module, but can't use its functions.
When I use libinjection with python 2 I have no problem. It finds all the function.
I don't know the binding process well; maybe we can do something about the error?
I can confirm your issue.
Can you raise an issue with the maintainer of libinjection?
I wrote the issue yesterday :)
client9/libinjection#108
Waiting for the answer
Initial work done here: 638ed6a
- Shall we use docker for DB, or we can run DB without docker?
- Shall we use one DB for all possible users, or maybe we can create DB for every session and then drop it?
- What DB shall we use?
I think about initializing the DB: we can use an SQL file for creating the DB. If the user wants, he can use his own SQL file, but by default we can use any existing dump.
Can you have a look at how it was done by Rebecca? https://github.com/rebeccan/glastopf There is some information in install.txt.
I explored the code one more time. I want to make the first implementation with two tables (users and comments) and an SQLite DB, and without Docker for the first attempt. Would that be OK?
Sounds good.
Mapping requests to tables blew my mind. I have only one idea how to implement this: create special dorks for SQLi based on the existing database.
Example:
We have a table `users` with the fields `id`, `username`, `email`, `password`.
- Determine a set of queries for the table: `SELECT * FROM users WHERE id=`, `SELECT email FROM users WHERE username=`, etc.
- Create special dorks mapped to the queries: `/smth/blogpost.php?id=1`, `/smth/userinfo.php?username=admin`, etc.
Maybe this idea has no chance, but I can't imagine how to make a working system for various DBs and sites.
We can stay for now with Rebecca's implementation: map login/password (in GET or POST) to the `users` table (for the login form), and the comment in the request to the `comment` table.
Can you look at my commits, please? Maybe I'm moving in the wrong direction. afeena@d7d0fb2 afeena@abede5e
SQLi handling consists of two components: we want to detect the SQLi statements in the HTTP query (using libinjection), and we want to reply to the query so the adversary thinks he was successful. As you already noticed, the second part is rather difficult.
Usually we see SQLi queries that target specific applications. They will try the query against the honeypot, if it's not working, they move on to a different target. Then we see queries that are only probing to see if there is a vulnerability. Usually they try to trigger a SQL error message. Then they try to use that error message from SQL to get data out of the database. So sometimes it is enough to respond with an SQL error message if we see a SQL injection query. This is how I would start: If it is a SQL injection and we don't know how to respond properly, reply with an error message.
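To make the two-part design above concrete (dorks mapped to per-table queries, and an SQL-style error as the fallback reply when an injection is detected), here is an added example that is not code from the tanner project. It uses an in-memory SQLite DB with the `users`/`comments` layout from the thread, a hypothetical `DORKS` table, and a crude regex detector standing in for libinjection (which is not imported here).

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qsl

# Hypothetical dork -> (parameter, parameterised query template) mapping; the thread only sketches this.
DORKS = {
    "/smth/blogpost.php": ("id", "SELECT id, username, email FROM users WHERE id = ?"),
    "/smth/userinfo.php": ("username", "SELECT email FROM users WHERE username = ?"),
}

# Crude stand-in for libinjection, NOT libinjection: tautologies, comments, UNION SELECT, stacked DML.
SQLI_PATTERN = re.compile(
    r"""('|")\s*(or|and)\s+|--|/\*|\bunion\b\s+\bselect\b|;\s*(drop|insert|update|delete)\b""",
    re.I,
)


def is_sqli(value):
    """True if the parameter value looks like an injection attempt."""
    return bool(SQLI_PATTERN.search(value))


def build_db():
    """In-memory SQLite with the two tables from the thread, seeded with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT, password TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, user_id INTEGER, body TEXT);
        INSERT INTO users VALUES (1, 'admin', 'admin@example.test', 'x');
        INSERT INTO comments VALUES (1, 1, 'first post');
    """)
    return db


def handle_request(db, url):
    """Return (kind, payload): 'unknown' for non-dork paths, 'page' with real rows, or 'sqli' with an error."""
    parts = urlsplit(url)
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    dork = DORKS.get(parts.path)
    if dork is None:
        return ("unknown", None)
    param, template = dork
    value = params.get(param, "")
    if not is_sqli(value):
        # Benign value: serve the real result through the parameterised template.
        return ("page", db.execute(template, (value,)).fetchall())
    # Injection seen and no proper emulation for it: fall back to a DB-style error message.
    return ("sqli", "You have an error in your SQL syntax near '%s'" % value)
```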
Initial work done with dde3110