Welcome to Burp-to-SQLMap

As you know, SQL Injection is a security vulnerability with critical severity. If you are a hacker you know it as well that it takes a lot of times to find a sql injection vulnerability on a target. It will be worse if you are a penetration tester. You must check this vulnerability on all of target URLs by intercepting packets using Burp Suit or other tools and in big Portals it’s not easy.

I have good news for hackers and pen testers. I made it easier by my new python script. The only thing you should do, is exporting your packets as a burp suit state file. The rest of steps will done by my script. I called me script “Burp-TO-SQLMap” and I will explain the test process from the beginning.

Usage

Usage: ./burp-to-sqlmap.py [options]

Options: -f, --file

Options: -o, --outputdirectory

Options: -s, --sqlmappath

Options: -p, --proxy

Options: -r, --risk

Options: -l, --level

Options: -t, --tamper

Example: python burp-to-sqlmap.py -f [BURP-STATE-FILE] -o [OUTPUT-DIRECTORY] -s [SQLMap-Path]

• Vulnerable Packet Result

How to Create Request/Response File in BurpSuite

1. Select Your Request

2. Right Clicke one one of these selected requests

3. Uncheck Base64 Option and create your requests/responses file