Automating SQLi in mitmproxy
In this section, we are going to learn how we can automate a test case for SQL injection in mitmproxy, creating an inline script that we use, the request handler, and some of the things we learned in the previous sections.
SQLi process
The objective of this section is to create an inline script for an mitmproxy, which will allow us to test SQL injection in every URL that has a parameter:
So the process is that, for every URL that has parameters, we need to replace each parameter value with FUZZ while conserving the rest of the parameter values. We do this instead of replacing all the values with FUZZ at once. Then, we replace the FUZZ string in each URL with each value in the injections array.
We then execute the request a match to results content with MySQL errors in the errors array. Let's see the code. Let's go to the editor and open the mitm-3.py file. We have a few new imports:
import urlparse
from copy import deepcopy
import requests
import sys
def injector...
