Stepping it up with SQLMap

Let's take a look at how a tool we've already gotten familiar with, Burp Suite, can be used to feed SQLMap, one of Kali's most venerable SQLI tools, to assist in checking for all sorts of SQLI. Just a warning: while Burp is about as quick and versatile as tools get, SQLMap takes a long time to get through its many tests. The test run for this chapter took well over 10 hours on a souped-up VM (4 cores, 8 GB of RAM), but it is well worth the wait. Let's check out how this process works.

First of all, we'll need to dust off the cobwebs and start up Burp Suite, making it our proxy and allowing it to intercept our requests. Having done that, we can surf to the same login page we've been picking on, enter in some guest ...
