BBQSQL - A Rapid Blind SQL Injection Exploitation Tool BQSQL is an open source SQL injection framework specifically designed to be hyper fast, database agnostic, easy to setup, and easy to modify. It is yet another awesome release from the Blackhat 2012 USA Tool Arsenal. When performing application security assessments, we often uncover SQL vulnerabilities that are difficult to exploit. BBQSQL is a blind SQL injection framework written in Python. It is extremely useful when attacking tricky SQL injection vulnerabilities. BBQSQL is also a semi-automatic tool, allowing quite a bit of customization for those hard to trigger SQL injection findings. The tool is built to be database agnostic and is extremely versatile. It also has an intuitive UI to make setting up attacks much easier. Blind SQL Injection Techniques used by BBQSQL: BBQSQL utilizes two techniques when conducting a blind SQL injection attack. Binary Search: This is the first and default technique used. You can specify details such as the row the targeted character is a part of, what character in the row is, what queue will we push to, etc. Frequency Search: Frequency searching is based on an analysis of the English language to determine the frequency in which a letter will occur. This search method is very fast against non-entropic data, but can be slow against non-English or obfuscated data. BBQSQL helps automate the process of exploiting tricky blind SQL injection. We developed a very easy UI to help you setup all the requirements for your particular vulnerability and provide real time configuration checking to make sure your data looks right. On top of being easy to use, it was designed using the event driven concurrency provided by Python’s gevent. This allows BBQSQL to run much faster than existing single/multi-threaded applications. Learn, How to use BBQSQL here. Download BBQSQL
Code: # python ./setup.py install [cut] gevent/libevent.h:9:19: error: event.h: No such file or directory gevent/libevent.h:38:20: error: evhttp.h: No such file or directory gevent/libevent.h:39:19: error: evdns.h: No such file or directory gevent/core.c:427: error: field 'ev' has incomplete type [cut] gevent/core.c: At top level: gevent/core.c:24479: error: expected ')' before 'val' error: Setup script exited with error: command 'cc' failed with exit status 1 # uname -a FreeBSD localmachine 8.3-RELEASE FreeBSD 8.3-RELEASE
