
Mastering Kali Linux for Web Penetration Testing by Michael McPhee


Stepping it up with SQLMap

Let's take a look at how a tool we've already gotten familiar with, Burp Suite, can be used to feed SQLMap, one of Kali's most venerable SQLI tools, to assist in checking for all sorts of SQLI. Just a warning: while Burp is about as quick and versatile as tools get, SQLMap takes a long time to get through its many tests. The test run for this chapter took well over 10 hours on a souped-up VM (4 cores, 8 GB of RAM), but it is well worth the wait. Let's check out how this process works.

First of all, we'll need to dust off the cobwebs and start up Burp Suite, making it our proxy and allowing it to intercept our requests. Having done that, we can surf to the same login page we've been picking on, enter in some guest ...
