安卓安全测试----《四》批量对接口执行 sqlmap 接口注入检查
《四》批量对接口执行sqlmap接口注入检查脚本更新:
------20171128新增了对GET请求的支持对于现有的项目做了部分角度的安全测试。做个记录。工具:sqlmap
介绍:sqlmap很强大,但实际人为去操作的话,会比较耗时间,结合抓包工具的接口数据保存。因为APP主要都是post请求,所以自己写了个自动遍历post接口数据文件的脚本。
相关的参数命令可以自行百度,或者查看github:https://github.com/sqlmapproject/sqlmap/wiki/Usagehar包的来源很多,浏览器检查模式里右键生成,抓包工具导出等等。步骤:
1.使用charles抓包所有需要检查sql注入的接口,把要测功能都过一遍。
(1)使用charles的过滤器只留下被测试应用的接口。
(2)全选被测接口,右键‘Export...’ -》 保存为 ‘data.har’文件,放到下面的目录位置
(3)运行makefile.py 脚本,生成测试接口数据文件$python makefile.py(4)运行run_sqlmap.py 脚本执行接口的sql注入检查
$python run_sqlmap.py
我下面的脚本是直接在dos里把运行信息打印出来的,也可用注释掉那部分可以把运行log输出到文件分析。
但最终如果存在漏洞,sqlmap会自己记录到:用户/.sqlmap/output/ip/log 文件中的。2.脚本介绍
先简单说下我的目录结构:<font color="rgb(34,37,39)"><font face="Helvetica, Arial,">--|sqlmap
----|interface_trace
--------|interface_post_file
--------|data.har
--------|makefile.py
--------|run_sqlmap.py
----|sqlmap.py
----...</font></font>makefile.py
#-*-coding:utf-8-*-
import time
__author__="orion-c"
import json,os
def loadFileData(fileName):
data = open(fileName).read()
data = json.loads(data)
return data
fileName = 'data.har'
all_data = loadFileData(fileName)
request_data = all_data['log']['entries']
for request_index in range(len(request_data)):
method = request_data['request']['method']
if method == "POST":
url = request_data['request']['url']
httpVersion = request_data['request']['httpVersion']
path = url.replace('http://192.168.43.131:82/', '')
#path = url#这里注意我的访问域名是xxxx:82,是25个字符,如果端口是8081等需改为27,如果是域名,改为23,下同
title_line = method + ' /' + path + ' ' + httpVersion
headers = request_data['request']['headers']
new_headers = []
for item in headers:
new_headers.append(item['name'] + ': '+item['value'])
try:
str_new_postData = ''
postData = request_data['request']['postData']['params']
new_postData = []
for params_item_index in range(len(postData)):
if params_item_index < len(postData) -1 :
new_postData.append(postData['name']+'='+postData['value']+'&')
else:
new_postData.append(postData['name'] + '=' + postData['value'])
for i in new_postData:
str_new_postData = str_new_postData + i
title = path.replace('/', '_')
filePath = "interface_post_file\\%s.txt" % title
int_tm = int(round(time.time() * 1000))
tm = str(int_tm)
if os.path.exists(filePath):
new_file = title + tm
filePath = "interface_post_file\\%s.txt" % new_file
with open(filePath, "a") as f:# 格式化字符串还能这么用!
f.writelines(title_line + '\n')
for i in new_headers:
f.writelines(i + '\n')
f.writelines(' ' + '\n')
f.writelines(str_new_postData)
except:
title = path.replace('/', '_')
with open("interface_post_file\\%s.txt" % title, "a") as f:# 格式化字符串还能这么用!
f.writelines(title_line + '\n')
for i in new_headers:
f.writelines(i + '\n')
if method == "GET":
url = request_data['request']['url']
path = url
path_and_parms = url
httpVersion = request_data['request']['httpVersion']
title_line = method + ' /' + path_and_parms + ' ' + httpVersion
headers = request_data['request']['headers']
new_headers = []
for item in headers:
new_headers.append(item['name'] + ': ' + item['value'])
try:
title = path.replace('/', '_')
filePath = "interface_post_file\\%s.txt" % title
int_tm = int(round(time.time() * 1000))
tm = str(int_tm)
if os.path.exists(filePath):
new_file = title + tm
filePath = "interface_post_file\\%s.txt" % new_file
with open(filePath, "a") as f:
f.writelines(title_line + '\n')
for i in new_headers:
f.writelines(i + '\n')
except:
title = path.replace('/', '_')
with open("interface_post_file\\%s.txt" % title, "a") as f:
f.writelines(title_line + '\n')
for i in new_headers:
f.writelines(i + '\n')
run_sqlmap.py
#-*-coding:utf-8-*-
__author__="orion-c.win"
import os
# 遍历指定目录,显示目录下的所有文件名
here = os.getcwd()
interface_post_file = here+'\interface_post_file'
pathDir = os.listdir(interface_post_file)
file_paths = []
for allDir in pathDir:
child = os.path.join('%s\%s' % (interface_post_file, allDir))
file_paths.append(child.decode('gbk')) # .decode('gbk')是解决中文显示乱码问题
os.chdir('..')
for file_path_index in range(len(file_paths)):
#os.system('python sqlmap.py -r %s --batch >> result.txt'%file_paths)
os.system('python sqlmap.py -r %s --batch'%file_paths)
页:
[1]
