SQLiPy Sqlmap Integration

SQLiPy integrates SQLMap using its API, enabling SQL injection scans directly within Burp Suite. The plugin connects to a running instance of the SQLMap API server to perform scans on requests.

Features

• Integrates SQLMap API for automated SQL injection scanning.
• Option to manually start the SQLMap API server or connect to an existing one.
• Initiates scans by right-clicking requests in the "Target" or "Proxy" tabs.
• Displays scan results in the "Scanner Results" tab if vulnerabilities are detected.

Usage

1. Start the SQLMap API server manually with the following command:
   

   python sqlmapapi.py -s -H <ip> -p <port>

2. Alternatively, use the "SQLMap API" tab to select the IP/Port and provide the path to your sqlmapapi.py and Python installations.
3. Once the SQLMap API is active, right-click a request in the "Request" sub-tab of the "Target" or "Proxy" tabs and select "SQLiPy Scan".
4. The request details will populate the SQLMap Scanner tab. Click the "Start Scan" button to initiate the scan.
5. If the page is vulnerable to SQL injection, the plugin will poll the results and add them to the "Scanner Results" tab.

Note: Jython 2.7-2.7.2 is supported. DO NOT USE Jython 2.7.3, as it has a bug that will cause the extension to fail.