Anonymously scan for SQL Injection Vulnerabilities with SQLmap, Tor, Polipo and Linux Fedora 16 Verne
In this article I will explain how to anonymously scan a target for SQL Injection vulnerabilities with Tor, Polipo, SQLmap and Fedora 16 Linux. Since I already covered how to install Tor and Polipo in this previous article, I will not cover it again here. Make sure Tor and Polipo are running. If they are not, start Tor by running:
sudo service tor start
and start Polipo by running:
sudo /etc/init.d/polipo start
Now that both services are running, we need to run SQLmap. SQLmap has a built-in switch that allows us to scan using Tor and Polipo very easily. To scan an example target, run the following command:
./sqlmap.py -u http://example.com/ --dump-all --tor --user-agent="Fake UA (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
-u tells SQLmap what URL to scan. --dump-all will dump all found database tables if any were exploited. The --tor switch tells SQLmap to use Tor for traffic. Last but not least, --user-agent sets the User Agent that will be used in the scan.
To make sure this works, log on to one of your servers and check the access log after a scan without the --tor switch and then after one with it. You will notice that the IP changes. I have tested this with no problems.
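
Seen from the server side, the access-log check above is also a detection opportunity: one crawler-style User-Agent arriving from changing source addresses. The following Python sketch is an added example, not part of the original article; the log lines, the Tor exit set and the trusted crawler network are constructed sample data using documentation address ranges, and audit() and is_trusted() are hypothetical helper names.

```python
import ipaddress
import re
from collections import defaultdict

# Combined Log Format: ip ident user [time] "request" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample data (documentation ranges). In practice, load these from
# a Tor exit list and from crawler ranges you have verified yourself.
TOR_EXITS = {"198.51.100.23", "203.0.113.77"}
CRAWLER_NETS = [ipaddress.ip_network("192.0.2.0/28")]

UA_REAL = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
UA_FAKE = "Fake UA (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
SAMPLE_LOG = [  # constructed access-log lines
    f'192.0.2.5 - - [10/Mar/2012:10:00:01 +0000] "GET /robots.txt HTTP/1.1" 200 68 "-" "{UA_REAL}"',
    f'192.0.2.200 - - [10/Mar/2012:10:05:12 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "{UA_FAKE}"',
    f'198.51.100.23 - - [10/Mar/2012:10:09:40 +0000] "GET /item?id=1 HTTP/1.1" 200 512 "-" "{UA_FAKE}"',
    f'203.0.113.77 - - [10/Mar/2012:10:09:55 +0000] "GET /item?id=2 HTTP/1.1" 200 498 "-" "{UA_FAKE}"',
    '192.0.2.150 - - [10/Mar/2012:10:11:03 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
]

def is_trusted(ip):
    """True if ip falls inside one of the trusted crawler networks."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # the log holds a hostname instead of an address
        return False
    return any(addr in net for net in CRAWLER_NETS)

def audit(lines, tor_exits=TOR_EXITS):
    """Per crawler-claiming User-Agent: all source IPs, Tor exits, untrusted IPs."""
    report = defaultdict(lambda: {"ips": set(), "tor": set(), "unverified": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or "googlebot" not in m["ua"].lower():
            continue  # unparsable line, or a UA that makes no crawler claim
        entry = report[m["ua"]]
        entry["ips"].add(m["ip"])
        if m["ip"] in tor_exits:
            entry["tor"].add(m["ip"])
        if not is_trusted(m["ip"]):
            entry["unverified"].add(m["ip"])
    return dict(report)

if __name__ == "__main__":
    for ua, e in audit(SAMPLE_LOG).items():
        print(f"{ua!r}: ips={sorted(e['ips'])} tor={sorted(e['tor'])} unverified={sorted(e['unverified'])}")
```

A User-Agent whose "unverified" set is non-empty claims to be a crawler from an address you do not trust; one that also shows several source IPs or Tor exits matches the before/after pattern described in the access-log check.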