大家经常可能遇到,用sqlmap跑某些注入的时候,因为网络、waf等问题造成被拦截、跑失败等情况。
因此下面这个脚本可以做到sqlmap自动切换代理,防止被ban。
使用教程如下
1、在ips.txt中存入可用的代理,格式如下
1.1.1.1:1080
2.2.2.2:9988
3.3.3.3:1100
2、运行脚本
python sqlmap_auto_proxy.py
3、sqlmap设置代理
sqlmap -u "http://www.chinabaiker.com/index.php?id=inject" --proxy=http://127.0.0.1:50007
即可在跑注入时,自动切换代理。
部分代码如下
def tcp_mapping_request(local_conn, remote_ip, remote_port): while True: remote_conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM) try: remote_conn.settimeout(3) remote_conn.connect((remote_ip, remote_port)) except Exception: logger.error('Unable to connect to the remote server.') continue threading.Thread(target=tcp_mapping_worker, args=(local_conn, remote_conn)).start() threading.Thread(target=tcp_mapping_worker, args=(remote_conn, local_conn)).start() return
def tcp_mapping_worker(conn_receiver, conn_sender): while True: try: data = conn_receiver.recv(PKT_BUFF_SIZE) except Exception: logger.debug('Connection closed.') break if not data: logger.info('No more data is received.') break try: conn_sender.sendall(data) except Exception: logger.error('Failed sending data.') break
脚本地址:
https://github.com/Jumbo-WJB/sqlmap_auto_proxy