Skip to content

dotslashed/postBL

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
README.md
README.md
 
 
postblis.py
postblis.py
 
 
postblisi.PNG
postblisi.PNG
 
 
sample-payloads.txt
sample-payloads.txt
 
 
sample-request.txt
sample-request.txt
 
 
sni-2.PNG
sni-2.PNG
 
 
snip1.PNG
snip1.PNG
 
 

Repository files navigation

postBL

This a simple python tool to detect time based sqli (POST based only). This tool takes three arguements, the raw request file directly copy-pasted from burpsuite, a list of time based sqli payloads, and the method of the request. The tool uses a delimiter named BHOOT in the post parameters as the injection point where you want to inject the payloads out of all the parameters. This BHOOT keyword must be specified in the params in the request file before running the tool. Note that the sample request file gives much delay in 1 unit time only.
Lab links: https://github.com/skyblueee/sqli-labs-php7 , http://testphp.vulnweb.com/login.php

Clonning and installation

~ git clone https://github.com/dotslashed/postBL
~ cd postBL
~ python3 postblis.py raw_request.txt payloads.txt http

alt text
alt text
alt text





Note: This tool is for educational and bug-bounty purposes only. The scripter is strictly not responsible for any miss usages of the tool. Thanks

About

Time based sqli detector -POST based only

Resources

Readme
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages