Due to the need to conduct penetration testing on external websites, most websites have access frequency control. Once this frequency is exceeded, the IP will be banned directly. This problem is particularly prominent when running SQLMAP. When SQLMAP is not completely run, it will directly exit with an error and the interface will be red.
So I started to study the proxy mode of SQLMAP. SQLMAP has two proxy modes, one is a normal proxy (HTTP proxy) and the other is an onion proxy.
Although I have the application of ordinary agents to write about, I found that Baidu has already elaborated it in detail, so I will not repeat it again. Sqlmap Extension—External IP Proxy Pool Implementation
Let’s focus on the onion proxy. At the beginning, when I used onion directly for injection, there was no “aunt red” report. Later, as the number of penetrated websites increased, I found that tor was still There is an error reporting problem. I am thinking whether the tor module in SQLMAP does not have the function of automatically switching IP.
So I wrote a code test to simulate the situation where the IP is directly banned when the intrusion detection system detects the injection. I use a delay of 1000 seconds here, and sqlmap will report an error.
MaxCircuitDirtiness 1
##
The above is the detailed content of What is the onion mode proxy of SQLMAP?. For more information, please follow other related articles on the PHP Chinese website!