Blind SQL Injections - BSQL Hacker
BSQL (Blind SQL) Hacker is an automated SQL Injection framework / tool designed to exploit SQL injection vulnerabilities in virtually any database.
BSQL Hacker is aimed at experienced users as well as beginners who want to automate SQL Injections (especially Blind SQL Injections). It provides a Metasploit-like exploit repository for sharing and updating exploits.
Blind SQL Hacker Key Features
- Easy Mode
  - SQL Injection Wizard
  - Automated Attack Support (database dump)
    - ORACLE
    - MSSQL
    - MySQL (experimental)
- General
  - Fast and Multithreaded
  - Support for 4 different SQL Injection types
    - Blind SQL Injection
    - Time Based Blind SQL Injection
    - Deep Blind (based on advanced time delays) SQL Injection
    - Error Based SQL Injection
  - Can automate most of the new SQL Injection methods that rely on Blind SQL Injection
  - RegEx Signature support
  - Console and GUI Support
  - Load / Save Support
  - Token / Nonce / ViewState etc. Support
  - Session Sharing Support
  - Advanced Configuration Support
  - Automated Attack mode: automatically extracts the entire database schema and data
- Update / Exploit Repository Features
  - Metasploit-like exploit repository support
  - Allows saving and sharing SQL Injection exploits
  - Supports auto-update
  - Custom GUI support for exploits (cookie input, URL input etc.)
- GUI Features
  - Load and Save
  - Template and Attack File Support (users can save sessions and share them; some sections of a template, such as username, password or cookie, can be shown to the user in a GUI)
  - Visually view true and false responses as well as the full HTML response, including time and stats
- Connection Related
  - Proxy Support (Authenticated Proxy Support)
  - NTLM and Basic Auth Support; can use the default credentials of the current user/application
  - SSL Support (including invalid certificates)
  - Custom Header Support
- Injection Points (only one of them or a combination)
  - Query String
  - Post
  - HTTP Headers
  - Cookies
- Other
  - Post Injection data can be stored in a separate file
  - XML Output (not stable)
  - CSRF protection support