BBQSQL - A Rapid Blind SQL Injection Exploitation Tool

Posted by Deepanker Verma Saturday, February 2, 2013 0 comments

BBQSQL is a nice open source SQL Injection Framework. It designed to make the database hacking faster. This tool is easy to setup and modify. It is written in python and you can modify the source according to your need. This tool was released by Blackhat 2012 USA Tool Arsenal.

The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Python gevent is also implemented, making BBQSQL extremely fast.

This tool works good and it is able to find SQL vulnerabilities that are difficult to exploit.

BBQSQL utilizes two techniques when conducting a blind SQL injection attack.

  • Binary Search: This is the first and default technique used. You can specify details such as the row the targeted character is a part of, what character in the row is, what queue will we push to, etc.
  • Frequency Search: Frequency searching is based on an analysis of the English language to determine the frequency in which a letter will occur. This search method is very fast against non-entropic data, but can be slow against non-English or obfuscated data.

0 comments:

Post a Comment

Blog Archive