Burp Suite User Forum

Login to post

SQL injection table exploration with jSQL Injection

ron190 | Last updated: Apr 07, 2020 08:11PM UTC

Hi, I'm programming the tool jSQL Injection and I'm thinking about creating a BApp extension to explore easily the databases from Burp Suite. jSQL is already made on Java with a Swing GUI available on Github, so I think integration of some functionalities should be possible. I haven't found any BApp that provides a GUI for database exploration, so do you know if this use case exists already in Burp? Is it allowed to build injection exploits from Burp? Do you have any advises, any guidance, for me to start create BApp efficiently with this use case? Thank you, ron190

Hannah, PortSwigger Agent | Last updated: Apr 08, 2020 08:36AM UTC

Hi Burp does check for SQL injection when it performs a scan. For a full list of vulnerabilities the Scanner can check for, please visit https://portswigger.net/kb/issues You can add your own Scanner checks and custom issues to Burp by using our extension functionality. You can find out more about Burp extensions here: - https://portswigger.net/burp/extender (includes some example extensions to get you started) - https://portswigger.net/burp/extender/writing-your-first-burp-suite-extension - https://portswigger.net/burp/extender/api/

ron190 | Last updated: Apr 09, 2020 10:18AM UTC

Thank you for your support and for the relevant resources.

You need to Log in to post a reply. Or register here, for free.