Burpsuite结合SQLMapAPI批量注入插件(X10)使用教程<\/h1>

一、插件概述<\/h2>
本插件是Burpsuite与SQLMapAPI结合的批量SQL注入检测工具，主要功能特点：<\/p>
实现了Burpsuite流量捕获与SQLMap自动化检测的无缝衔接<\/li>
支持多任务并发检测（可配置线程数）<\/li>
提供灵活的过滤配置选项<\/li>
支持正则匹配目标域名<\/li>
集成SQLMap全部参数配置能力<\/li>
具备任务状态监控和结果展示功能<\/li> <\/ol>
二、环境准备<\/h2>

1. 所需组件<\/h3>
Burpsuite Professional版<\/li>
SQLMapAPI服务（需单独部署）<\/li>
本插件jar文件<\/li> <\/ul>
2. SQLMapAPI服务部署<\/h3>
需在服务器上启动SQLMapAPI服务：<\/p>
python sqlmapapi.py -s -H <IP> -p <PORT>
<\/code><\/pre>
三、插件安装<\/h2>

下载插件jar文件（下载地址见文末）<\/li>
在Burpsuite中安装：

打开Burpsuite → Extender → Add → 选择下载的jar文件<\/li>
<\/ul>
<\/li>
<\/ol>
四、插件界面详解<\/h2>
插件分为三个主要面板：<\/p>
1. 任务面板(Server Panel)<\/h3>

Server<\/strong>：SQLMapAPI服务的IP和端口（格式：IP:PORT）<\/li>
THREAD<\/strong>：并发检测的任务数量（建议根据服务器性能设置）<\/li>
Domain<\/strong>：目标域名（支持正则匹配）<\/li>
CLEAN<\/strong>：清除任务缓存列表<\/li>
TEST<\/strong>：测试SQLMapAPI连接<\/li>
START<\/strong>：开始检测<\/li>
<\/ul>
2. SQLMapAPI参数配置面板<\/h3>

Tamper<\/strong>：SQLMap自带的tamper脚本，可输入多个（逗号分隔）<\/li>
LogFile<\/strong>：扫描日志文件路径（位于SQLMapAPI服务器上）<\/li>
<\/ul>
3. 过滤条件面板<\/h3>

ExcludeSuffix<\/strong>：排除指定后缀的请求（正则表达式）

示例：.jpg|.png|.ico|.css|.js<\/code><\/li>
<\/ul>
<\/li>
IngoreCase<\/strong>：ExcludeSuffix是否区分大小写（默认不区分）<\/li>
IngoreParams<\/strong>：去重时忽略的参数（逗号分隔）

示例：timeStamp,randomId<\/code><\/li>
<\/ul>
<\/li>
ExcludeParams<\/strong>：包含这些参数的请求将被过滤

示例：checkCode,verifyCode<\/code><\/li>
<\/ul>
<\/li>
<\/ul>
五、核心功能实现原理<\/h2>
1. 请求监听处理<\/h3>
public<\/span> void<\/span> processHttpMessage<\/span>(<\/span>int<\/span> toolFlag,<\/span> boolean<\/span> messageIsRequest,<\/span> IHttpRequestResponse messageInfo)<\/span> {<\/span>
<\/span><\/span>    boolean<\/span> addFlag =<\/span> false<\/span>;<\/span>
<\/span><\/span>    \/\/ 判断是否为request请求且开关打开
<\/span><\/span><\/span><\/span>    if<\/span> (<\/span>messageIsRequest &&<\/span> sqlmapApiPanel.<\/span>isStart<\/span>())<\/span> {<\/span>
<\/span><\/span>        String host =<\/span> helpers.<\/span>analyzeRequest<\/span>(<\/span>messageInfo).<\/span>getUrl<\/span>().<\/span>getHost<\/span>();<\/span>
<\/span><\/span>        \/\/ 域名正则匹配
<\/span><\/span><\/span><\/span>        if<\/span> (<\/span>host.<\/span>matches<\/span>(<\/span>targetDomian))<\/span> {<\/span>
<\/span><\/span>            IRequestInfo iRequestInfo =<\/span> helpers.<\/span>analyzeRequest<\/span>(<\/span>messageInfo);<\/span>
<\/span><\/span>            \/\/ 处理URL
<\/span><\/span><\/span><\/span>            String url =<\/span> String.<\/span>valueOf<\/span>(<\/span>iRequestInfo.<\/span>getUrl<\/span>());<\/span>
<\/span><\/span>            url =<\/span> url.<\/span>indexOf<\/span>(<\/span>"?"<\/span>)<\/span> ><\/span> 0<\/span> ?<\/span> url.<\/span>substring<\/span>(<\/span>0<\/span>,<\/span> url.<\/span>indexOf<\/span>(<\/span>"?"<\/span>))<\/span> :<\/span> url;<\/span>
<\/span><\/span>            \/\/ 排除指定后缀
<\/span><\/span><\/span><\/span>            if<\/span> (!<\/span>excludeSuffix.<\/span>matcher<\/span>(<\/span>url).<\/span>matches<\/span>())<\/span> {<\/span>
<\/span><\/span>                \/\/ 构造任务实体
<\/span><\/span><\/span><\/span>                TaskEntity entity =<\/span> new<\/span> TaskEntity(<\/span>iRequestInfo.<\/span>getUrl<\/span>(),<\/span> 
<\/span><\/span>                    iRequestInfo.<\/span>getMethod<\/span>(),<\/span> 
<\/span><\/span>                    callbacks.<\/span>saveBuffersToTempFiles<\/span>(<\/span>messageInfo),<\/span> 
<\/span><\/span>                    iRequestInfo);<\/span>
<\/span><\/span>                \/\/ 数据去重检测
<\/span><\/span><\/span><\/span>                String hash =<\/span> bCrypt.<\/span>hashpw<\/span>(<\/span>entity.<\/span>getSignString<\/span>(-<\/span>1<\/span>,<\/span> ingoreParams),<\/span> SALT);<\/span>
<\/span><\/span>                Integer repeatCheckValue =<\/span> 1<\/span>;<\/span>
<\/span><\/span>                if<\/span> (<\/span>String.<\/span>valueOf<\/span>(<\/span>iRequestInfo.<\/span>getHeaders<\/span>()).<\/span>indexOf<\/span>(<\/span>"Chris-To-Sqlmap"<\/span>)<\/span> !=<\/span> -<\/span>1<\/span>)<\/span> {<\/span>
<\/span><\/span>                    if<\/span> (<\/span>repeatCheck.<\/span>containsKey<\/span>(<\/span>hash))<\/span> {<\/span>
<\/span><\/span>                        repeatCheckValue =<\/span> repeatCheck.<\/span>get<\/span>(<\/span>hash)<\/span> +<\/span> 1<\/span>;<\/span>
<\/span><\/span>                        hash =<\/span> hash +<\/span> repeatCheckValue;<\/span>
<\/span><\/span>                    }<\/span>
<\/span><\/span>                    addFlag =<\/span> true<\/span>;<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>                \/\/ 参数过滤检测
<\/span><\/span><\/span><\/span>                else<\/span> if<\/span> (!<\/span>repeatCheck.<\/span>containsKey<\/span>(<\/span>hash)<\/span> &&<\/span> !<\/span>entity.<\/span>hasParams<\/span>(<\/span>excludeParams))<\/span> {<\/span>
<\/span><\/span>                    if<\/span> (!<\/span>entity.<\/span>getParamBody<\/span>().<\/span>isEmpty<\/span>())<\/span> {<\/span> \/\/ POST参数
<\/span><\/span><\/span><\/span>                        addFlag =<\/span> true<\/span>;<\/span>
<\/span><\/span>                    }<\/span> else<\/span> if<\/span> (!<\/span>entity.<\/span>getParamUrl<\/span>().<\/span>isEmpty<\/span>())<\/span> {<\/span> \/\/ GET参数
<\/span><\/span><\/span><\/span>                        addFlag =<\/span> true<\/span>;<\/span>
<\/span><\/span>                    }<\/span> else<\/span> if<\/span> (<\/span>sqlmapApiOption.<\/span>getLevel<\/span>()<\/span> >=<\/span> 3<\/span> &&<\/span> !<\/span>entity.<\/span>getParamCookie<\/span>().<\/span>isEmpty<\/span>())<\/span> {<\/span> \/\/ Cookie参数
<\/span><\/span><\/span><\/span>                        addFlag =<\/span> true<\/span>;<\/span>
<\/span><\/span>                    }<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>                if<\/span> (<\/span>addFlag)<\/span> {<\/span>
<\/span><\/span>                    int<\/span> row =<\/span> listTasks.<\/span>size<\/span>();<\/span>
<\/span><\/span>                    repeatCheck.<\/span>put<\/span>(<\/span>hash,<\/span> repeatCheckValue);<\/span>
<\/span><\/span>                    listTasks.<\/span>add<\/span>(<\/span>entity);<\/span>
<\/span><\/span>                    fireTableRowsInserted(<\/span>row,<\/span> listTasks.<\/span>size<\/span>());<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>        }<\/span>
<\/span><\/span>    }<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>2. 任务执行处理<\/h3>
public<\/span> void<\/span> run<\/span>()<\/span> {<\/span>
<\/span><\/span>    while<\/span> (<\/span>true<\/span>)<\/span> {<\/span>
<\/span><\/span>        if<\/span> (!<\/span>threadFlag)<\/span> {<\/span>
<\/span><\/span>            try<\/span> {<\/span>
<\/span><\/span>                sqlmapApiPanel.<\/span>setMessage<\/span>(<\/span>"Waiting..."<\/span>);<\/span>
<\/span><\/span>                sleep(<\/span>3<\/span> *<\/span> 1000<\/span>);<\/span>
<\/span><\/span>            }<\/span> catch<\/span> (<\/span>InterruptedException e)<\/span> {<\/span>
<\/span><\/span>                stderr.<\/span>print<\/span>(<\/span>e.<\/span>getMessage<\/span>());<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>            continue<\/span>;<\/span>
<\/span><\/span>        }<\/span>
<\/span><\/span>        
<\/span><\/span>        \/\/ 添加新任务
<\/span><\/span><\/span><\/span>        if<\/span> (<\/span>runingTasks.<\/span>size<\/span>()<\/span> <<\/span> THREAD_NUMBER &&<\/span> listTasks_start <<\/span> listTasks.<\/span>size<\/span>())<\/span> {<\/span>
<\/span><\/span>            while<\/span> (<\/span>runingTasks.<\/span>size<\/span>()<\/span> <<\/span> THREAD_NUMBER &&<\/span> listTasks_start <<\/span> listTasks.<\/span>size<\/span>())<\/span> {<\/span>
<\/span><\/span>                TaskEntity entityNew =<\/span> listTasks.<\/span>get<\/span>(<\/span>listTasks_start);<\/span>
<\/span><\/span>                entityNew.<\/span>setTaskid<\/span>(<\/span>sqlmapapi.<\/span>tastNew<\/span>(<\/span>sqlmapapiServer));<\/span>
<\/span><\/span>                if<\/span> (<\/span>entityNew.<\/span>getTaskid<\/span>()<\/span> !=<\/span> null<\/span>)<\/span> {<\/span>
<\/span><\/span>                    entityNew.<\/span>setTaskEngineid<\/span>(<\/span>sqlmapapi.<\/span>taskStart<\/span>(<\/span>sqlmapapiServer,<\/span> entityNew,<\/span> sqlmapApiOption));<\/span>
<\/span><\/span>                    runingTasks.<\/span>put<\/span>(<\/span>entityNew.<\/span>getTaskid<\/span>(),<\/span> entityNew);<\/span>
<\/span><\/span>                    sqlmapApiPanel.<\/span>setMessage<\/span>(<\/span>"New task "<\/span>+<\/span>entityNew.<\/span>getTaskid<\/span>()+<\/span>" , URL :"<\/span>+<\/span>String.<\/span>valueOf<\/span>(<\/span>entityNew.<\/span>getUrl<\/span>()));<\/span>
<\/span><\/span>                    listTasks_start++;<\/span>
<\/span><\/span>                }<\/span> else<\/span> {<\/span>
<\/span><\/span>                    try<\/span> {<\/span>
<\/span><\/span>                        sqlmapApiPanel.<\/span>setMessage<\/span>(<\/span>"New task failed! URL :"<\/span>+<\/span>String.<\/span>valueOf<\/span>(<\/span>entityNew.<\/span>getUrl<\/span>()));<\/span>
<\/span><\/span>                        sleep(<\/span>3<\/span> *<\/span> 1000<\/span>);<\/span>
<\/span><\/span>                    }<\/span> catch<\/span> (<\/span>InterruptedException e)<\/span> {<\/span>
<\/span><\/span>                        stderr.<\/span>print<\/span>(<\/span>e.<\/span>getMessage<\/span>());<\/span>
<\/span><\/span>                    }<\/span>
<\/span><\/span>                    continue<\/span>;<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>        }<\/span>
<\/span><\/span>        
<\/span><\/span>        \/\/ 刷新任务状态
<\/span><\/span><\/span><\/span>        if<\/span> (<\/span>runingTasks.<\/span>size<\/span>()<\/span> !=<\/span> 0<\/span>)<\/span> {<\/span>
<\/span><\/span>            List<<\/span>String><\/span> removeList =<\/span> new<\/span> ArrayList<>();<\/span>
<\/span><\/span>            for<\/span> (<\/span>String key :<\/span> runingTasks.<\/span>keySet<\/span>())<\/span> {<\/span>
<\/span><\/span>                TaskEntity entityRuning =<\/span> runingTasks.<\/span>get<\/span>(<\/span>key);<\/span>
<\/span><\/span>                String status =<\/span> sqlmapapi.<\/span>flushStatus<\/span>(<\/span>sqlmapapiServer,<\/span> entityRuning);<\/span>
<\/span><\/span>                sqlmapApiPanel.<\/span>setMessage<\/span>(<\/span>"Flash task ["<\/span> +<\/span> key +<\/span> "] status : "<\/span> +<\/span> status);<\/span>
<\/span><\/span>                if<\/span> (<\/span>"terminated"<\/span>.<\/span>equals<\/span>(<\/span>status))<\/span> {<\/span>
<\/span><\/span>                    entityRuning.<\/span>setTaskStatus<\/span>(<\/span>status);<\/span>
<\/span><\/span>                    entityRuning.<\/span>setTaskScanData<\/span>(<\/span>sqlmapapi.<\/span>flushScanData<\/span>(<\/span>sqlmapapiServer,<\/span> entityRuning));<\/span>
<\/span><\/span>                    sqlmapApiPanel.<\/span>setMessage<\/span>(<\/span>"Task ["<\/span> +<\/span> key +<\/span> "] finished ."<\/span>);<\/span>
<\/span><\/span>                    removeList.<\/span>add<\/span>(<\/span>key);<\/span>
<\/span><\/span>                }<\/span> else<\/span> if<\/span> (<\/span>"not running"<\/span>.<\/span>equals<\/span>(<\/span>status))<\/span> {<\/span>
<\/span><\/span>                    stderr.<\/span>println<\/span>(<\/span>entityRuning.<\/span>getTaskid<\/span>()<\/span> +<\/span> " not running"<\/span>);<\/span>
<\/span><\/span>                }<\/span> else<\/span> {<\/span>
<\/span><\/span>                    entityRuning.<\/span>setTaskStatus<\/span>(<\/span>status);<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>                try<\/span> {<\/span>
<\/span><\/span>                    sleep(<\/span>3<\/span> *<\/span> 1000<\/span>);<\/span>
<\/span><\/span>                }<\/span> catch<\/span> (<\/span>InterruptedException e)<\/span> {<\/span>
<\/span><\/span>                    stderr.<\/span>print<\/span>(<\/span>e.<\/span>getMessage<\/span>());<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>            if<\/span> (!<\/span>removeList.<\/span>isEmpty<\/span>())<\/span> {<\/span>
<\/span><\/span>                for<\/span> (<\/span>String key :<\/span> removeList)<\/span> {<\/span>
<\/span><\/span>                    runingTasks.<\/span>remove<\/span>(<\/span>key);<\/span>
<\/span><\/span>                }<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>            fireTableRowsInserted(<\/span>0<\/span>,<\/span> listTasks.<\/span>size<\/span>());<\/span>
<\/span><\/span>        }<\/span> else<\/span> {<\/span>
<\/span><\/span>            try<\/span> {<\/span>
<\/span><\/span>                sleep(<\/span>3<\/span> *<\/span> 1000<\/span>);<\/span>
<\/span><\/span>            }<\/span> catch<\/span> (<\/span>InterruptedException e)<\/span> {<\/span>
<\/span><\/span>                stderr.<\/span>print<\/span>(<\/span>e.<\/span>getMessage<\/span>());<\/span>
<\/span><\/span>            }<\/span>
<\/span><\/span>        }<\/span>
<\/span><\/span>    }<\/span>
<\/span><\/span>}<\/span>
<\/span><\/span><\/code><\/pre>六、使用流程<\/h2>


配置SQLMapAPI服务<\/strong><\/p>

填写正确的Server地址和端口<\/li>
点击TEST测试连接<\/li>
<\/ul>
<\/li>

设置过滤条件<\/strong><\/p>

根据目标网站特点设置ExcludeSuffix<\/li>
设置需要忽略的参数(IngoreParams)<\/li>
设置需要排除的参数(ExcludeParams)<\/li>
<\/ul>
<\/li>

配置SQLMap参数<\/strong><\/p>

选择需要的tamper脚本<\/li>
设置日志文件路径<\/li>
<\/ul>
<\/li>

开始扫描<\/strong><\/p>

设置并发线程数(THREAD)<\/li>
输入目标域名（支持正则）<\/li>
点击START开始扫描<\/li>
<\/ul>
<\/li>

监控扫描进度<\/strong><\/p>

在任务列表中查看各任务状态<\/li>
在信息提示区域查看实时日志<\/li>
在扫描结果区域查看漏洞详情<\/li>
<\/ul>
<\/li>
<\/ol>
七、最佳实践建议<\/h2>


性能调优<\/strong><\/p>

根据服务器性能设置合适的THREAD值<\/li>
复杂的注入检测可适当减少并发数<\/li>
<\/ul>
<\/li>

过滤优化<\/strong><\/p>

精确设置ExcludeSuffix以减少无效请求<\/li>
正确识别并设置动态参数(IngoreParams)<\/li>
<\/ul>
<\/li>

结果分析<\/strong><\/p>

重点关注高风险注入点<\/li>
结合Burpsuite的Repeater模块验证漏洞<\/li>
<\/ul>
<\/li>

日志管理<\/strong><\/p>

定期清理SQLMapAPI服务器上的日志文件<\/li>
重要扫描结果建议单独保存<\/li>
<\/ul>
<\/li>
<\/ol>
八、注意事项<\/h2>

使用前确保已获得目标系统的合法授权<\/li>
高并发扫描可能对目标系统造成影响，建议在非业务高峰期进行<\/li>
复杂的正则匹配可能影响性能，建议先测试<\/li>
自定义tamper脚本需放置在SQLMap的tamper目录下<\/li>
<\/ol>
九、下载地址<\/h2>
插件下载：https:\/\/pan.baidu.com\/s\/1YPU_1tujStp69Z9g51AN9g

（历史版本和后续更新也将存放于此）<\/p>

本文基于Chris_D原创文章整理，仅供学习交流使用，请遵守相关法律法规<\/em><\/p>
Burpsuite结合SQLMapAPI批量注入插件(X10)使用教程<\/h1>

二、环境准备<\/h2>

四、插件界面详解<\/h2> 插件分为三个主要面板：<\/p>

五、核心功能实现原理<\/h2>

九、下载地址<\/h2> 插件下载：https:\/\/pan.baidu.com\/s\/1YPU_1tujStp69Z9g51AN9g （历史版本和后续更新也将存放于此）<\/p> 本文基于Chris_D原创文章整理，仅供学习交流使用，请遵守相关法律法规<\/em><\/p>

四、插件界面详解<\/h2>
插件分为三个主要面板：<\/p>

九、下载地址<\/h2>
插件下载：https:\/\/pan.baidu.com\/s\/1YPU_1tujStp69Z9g51AN9g
（历史版本和后续更新也将存放于此）<\/p>

本文基于Chris_D原创文章整理，仅供学习交流使用，请遵守相关法律法规<\/em><\/p>
