Research Academy
My account Customers About Blog Careers Legal Contact Resellers
  1. Support Center
  2. BApp Store
  3. SQLMap DNS Collaborator

Professional

SQLMap DNS Collaborator

Download BApp

SqlmapDnsCollaborator is a Burp Extension that lets you perform DNS exfiltration with Sqlmap with zero configuration needed. You won't need a domain name or a public IP, just a computer with Sqlmap and Burp.

How you would normally perform DNS exfiltration with Sqlmap:

  1. You buy a domain name, a public IP and then you set up a server!!
  2. You run Sqlmap on that server, which performs some SQL injection on the vulnerable target.
  3. Vulnerable target sends DNS requests to your DNS server containing interesting data.
  4. DNS requests are interpreted by Sqlmap.

How you are going to perform DNS exfiltration with Sqlmap and SqlmapDnsCollaborator:

  1. You open Burp on your computer and enable SqlmapDnsCollaborator.
  2. You run Sqlmap on your computer, which performs some SQL injection on the vulnerable target.
  3. Vulnerable target sends DNS requests to Burp Collaborator containing interesting data.
  4. SqlmapDnsCollaborator reads DNS requests from Burp Collaborator and sends them to Sqlmap.
  5. DNS requests are interpreted by Sqlmap.

Author

 Author

Luca Capacci

Version

 Version

1.0

Rating

 Rating

Popularity

 Popularity

Last updated

 Last updated

24 March 2021

Estimated system impact

 Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.