Professional Community

SQLiPy Sqlmap Integration

SQLiPy integrates SQLMap using its API, enabling SQL injection scans directly within Burp Suite. The plugin connects to a running instance of the SQLMap API server to perform scans on requests.

Features

  • Integrates SQLMap API for automated SQL injection scanning.
  • Option to manually start the SQLMap API server or connect to an existing one.
  • Initiates scans by right-clicking requests in the "Target" or "Proxy" tabs.
  • Displays scan results in the "Scanner Results" tab if vulnerabilities are detected.

Usage

  1. Start the SQLMap API server manually with the following command:
    python sqlmapapi.py -s -H <ip> -p <port>
  2. Alternatively, use the "SQLMap API" tab to select the IP/Port and provide the path to your sqlmapapi.py and Python installations.
  3. Once the SQLMap API is active, right-click a request in the "Request" sub-tab of the "Target" or "Proxy" tabs and select "SQLiPy Scan".
  4. The request details will populate the SQLMap Scanner tab. Click the "Start Scan" button to initiate the scan.
  5. If the page is vulnerable to SQL injection, the plugin will poll the results and add them to the "Scanner Results" tab.

Note: Jython 2.7-2.7.2 is supported. DO NOT USE Jython 2.7.3, as it has a bug that will cause the extension to fail.

Author

Author

Josh Berry @ CodeWatch

Version

Version

0.8.6

Rating

Rating

Popularity

Popularity

Last updated

Last updated

23 May 2025

Estimated system impact

Estimated system impact

Overall impact: Low

Memory
Low
CPU
Low
General
Low
Scanner
Low

You can install BApps directly within Burp, via the BApp Store feature in the Burp Extender tool. You can also download them from here, for offline installation into Burp.

You can view the source code for all BApp Store extensions on our GitHub page.

Follow @BApp_Store on Twitter to receive notifications of all BApp releases and updates.

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.

Go back to BappStore

Note:

Please note that extensions are written by third party users of Burp, and PortSwigger Web Security makes no warranty about their quality or usefulness for any particular purpose.