当前位置:网站首页>入侵检测——jsql
入侵检测——jsql
2022-07-08 01:13:00 【lainwith】
介绍
jSQL injection是一款由JAVA开法的SQL自动化注入工具,它提供了数据库查询、后台爆破、文件读取、Web shell、SQL Shell、文件上传、暴力枚举、编码、批量注入测试等强大的功能,是一款非常不错的工具,也是渗透测试人员的强大助手。它支持GET\POST注入,同时也可以进行HTTP头注入(这个需要用户自动构建),它是免费的,开源的,跨平台的Windows,Linux和Mac,它适用于版本11到17的Java
工具的安装与应用范围,参见github地址:https://github.com/ron190/jsql-injection
使用
工具应该是自动检测系统语言,第一次打开直接是中文,很友好。
试一下,发现这是一款全自动sql注入工具,直接把数据都给扒下来了。
检测规则
工具的特征还是蛮明显的
得到snort规则:
alert tcp any any -> any any (msg:"jsql注入攻击"; flow:to_server; content:"Connection|3a 20|Upgrade, HTTP2-Settings"; http_header; nocase; content:"Upgrade|3a 20|h2c"; http_header; nocase; content:"User-Agent|3a 20|Java-http-client"; nocase; http_header; content:"HTTP2-Settings|3a 20|"; nocase; http_header; metadata:service http; metadata:service http; sid:1; rev:1;)
补充:我把ua纳入到了检测规则里,进一步提高了规则的准确度。虽然jsql支持ua自定义,进而可以绕过这个检测规则,但是我个人觉得,就算不能检测此工具也无妨,毕竟,谁家的规则库都能检测sql注入攻击,从这个意义上讲,规则不检测ua或者攻击者改变ua头的实际意义并不大。
边栏推荐
- Leetcode question brushing record | 27_ Removing Elements
- Introduction to ADB tools
- 【每日一题】736. Lisp 语法解析
- VIM string substitution
- Clickhouse principle analysis and application practice "reading notes (8)
- Popular science | what is soul binding token SBT? What is the value?
- The circuit is shown in the figure, r1=2k Ω, r2=2k Ω, r3=4k Ω, rf=4k Ω. Find the expression of the relationship between output and input.
- From starfish OS' continued deflationary consumption of SFO, the value of SFO in the long run
- 【每日一题】648. 单词替换
- th:include的使用
猜你喜欢
[knowledge map paper] Devine: a generative anti imitation learning framework for knowledge map reasoning
leetcode 869. Reordered Power of 2 | 869. Reorder to a power of 2 (state compression)
2022年5月互联网医疗领域月度观察
Gaussian filtering and bilateral filtering principle, matlab implementation and result comparison
A comprehensive and detailed explanation of static routing configuration, a quick start guide to static routing
数据链路层及网络层协议要点
Alo who likes TestMan
Leetcode featured 200 channels -- array article
常见的磁盘格式以及它们之间的区别
谈谈 SAP iRPA Studio 创建的本地项目的云端部署问题
随机推荐
Alo who likes TestMan
Infrared dim small target detection: common evaluation indicators
In depth analysis of ArrayList source code, from the most basic capacity expansion principle, to the magic iterator and fast fail mechanism, you have everything you want!!!
Redisson distributed lock unlocking exception
Leetcode featured 200 channels -- array article
[recommendation system paper reading] recommendation simulation user feedback based on Reinforcement Learning
Mqtt x newsletter 2022-06 | v1.8.0 release, new mqtt CLI and mqtt websocket tools
Spock单元测试框架介绍及在美团优选的实践_第四章(Exception异常处理mock方式)
JVM memory and garbage collection -4-string
Introduction to grpc for cloud native application development
EMQX 5.0 发布:单集群支持 1 亿 MQTT 连接的开源物联网消息服务器
Vim 字符串替换
burpsuite
Nmap tool introduction and common commands
Introduction to QT: video player
Node JS maintains a long connection
Force buckle 5_ 876. Intermediate node of linked list
Emqx 5.0 release: open source Internet of things message server with single cluster supporting 100million mqtt connections
Introduction à l'outil nmap et aux commandes communes
OpenGL/WebGL着色器开发入门指南