DetSql Overview
DetSql is a Burp Suite extension that flags requests in proxied HTTP traffic that are likely to be SQL injectable. Instead of requiring the tester to intercept and probe each request by hand, it runs its checks on the traffic already passing through Burp, cutting the time spent on SQL injection testing.
Key Features:
- Detection Methods: Flags potential SQL injection using several complementary checks: error-based (database error messages leaking into the response), numeric (an arithmetic expression that evaluates to the original value returns the same page), ORDER BY injection, character-based (payloads that close a quoted string), and boolean-based (a true condition keeps the page, a false one changes it).
- User-Friendly Interface: The main dashboard presents clearly organized data for improved navigation and decision-making.
- Customizable Settings: Users can configure whitelists, blacklists, and set error payloads to refine their testing processes.
- Efficient Request Handling: Sends its probe requests from lightweight threads, so manual testing in Burp stays responsive even when the proxy is carrying a large volume of traffic.
- Log Management: Lets you delete log entries so the result set stays manageable while you analyze findings.
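To make the detection methods listed above concrete, here is an added Python example written for this page; it is not DetSql's own code (DetSql is a Java extension) and reflects no internal detail of the plugin. It builds a constructed in-memory SQLite backend with two concatenating (vulnerable) handlers and one parameterized (hardened) handler, then runs error-based, numeric and boolean probes against a single parameter and reports which fired; the quoted boolean pair covers the character/string context, and ORDER BY checks would follow the same send-and-compare pattern with a sort parameter. The error-string regexes, the 0.9 similarity threshold and the probe strings are assumptions chosen for the demo.

```python
import re
import sqlite3
from difflib import SequenceMatcher

# Error strings that identify a backend DBMS. Assumed patterns for the four
# databases named on the page, plus SQLite for the constructed backend below.
DB_ERROR_PATTERNS = {
    "MySQL": re.compile(r"You have an error in your SQL syntax"),
    "SQL Server": re.compile(r"Unclosed quotation mark|Incorrect syntax near"),
    "Oracle": re.compile(r"\bORA-\d{5}\b"),
    "PostgreSQL": re.compile(r"syntax error at or near|unterminated quoted string"),
    "SQLite": re.compile(r"unrecognized token|incomplete input|syntax error"),
}
SIMILAR = 0.9  # responses at least this alike count as "the same page" (assumed threshold)


def make_db():
    """Constructed in-memory database standing in for the target's backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);"
        "INSERT INTO users VALUES (1,'alice'),(2,'bob'),(3,'carol');"
    )
    return conn


def make_endpoint(conn, sql, parameterized):
    """Simulated HTTP handler: value -> (status, body).

    parameterized=False formats the value straight into `sql` (vulnerable);
    parameterized=True binds it through a placeholder (hardened).
    """
    def endpoint(value):
        try:
            if parameterized:
                rows = conn.execute(sql, (value,)).fetchall()
            else:
                rows = conn.execute(sql.format(value)).fetchall()
            return 200, "\n".join(f"{i}:{n}" for i, n in rows) or "no results"
        except sqlite3.Error as exc:
            # Leaking the driver message is what error-based detection relies on.
            return 500, f"database error: {exc}"
    return endpoint


def similar(a, b):
    return SequenceMatcher(None, a, b).ratio() >= SIMILAR


def detect(endpoint, base):
    """Run error, numeric and boolean probes on one parameter; return what fired."""
    findings = []
    _, base_body = endpoint(base)

    # Error-based: a stray quote breaks the statement and leaks a DBMS error.
    _, body = endpoint(base + "'")
    for dbms, pattern in DB_ERROR_PATTERNS.items():
        if pattern.search(body):
            findings.append(("error", dbms))

    # Numeric: an expression equal to the base value must return the same page,
    # while a genuinely different number must not (rules out "ignores the value").
    if base.isdigit():
        n = int(base)
        _, same = endpoint(f"{n - 1}+1")
        _, other = endpoint(str(n + 1))
        if similar(same, base_body) and not similar(other, base_body):
            findings.append(("numeric", f"{n - 1}+1"))

    # Boolean: true condition keeps the page, false one changes it.
    # One pair for an unquoted numeric context, one for a quoted string context.
    for ctx, true_probe, false_probe in (
        ("numeric", f"{base} AND 1=1", f"{base} AND 1=2"),
        ("string", f"{base}' AND '1'='1", f"{base}' AND '1'='2"),
    ):
        _, t = endpoint(true_probe)
        _, f = endpoint(false_probe)
        if similar(t, base_body) and not similar(f, base_body):
            findings.append(("boolean", ctx))
    return findings


if __name__ == "__main__":
    db = make_db()
    targets = {
        "vulnerable id (numeric context)": (
            make_endpoint(db, "SELECT id, name FROM users WHERE id = {}", False), "1"),
        "vulnerable name (string context)": (
            make_endpoint(db, "SELECT id, name FROM users WHERE name = '{}'", False), "alice"),
        "parameterized id": (
            make_endpoint(db, "SELECT id, name FROM users WHERE id = ?", True), "1"),
    }
    for label, (ep, value) in targets.items():
        print(f"{label}: {detect(ep, value) or 'no injection indicators'}")
```

The pairing of a "should match" probe with a "should differ" probe is the part worth copying: a page that ignores the parameter entirely would otherwise look injectable to a single-probe check. On the parameterized handler every probe is bound as a literal string, so none of the three families fires.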
Benefits:
- Improved Testing Efficiency: Automating the first pass of injection detection lets a tester cover far more requests in the same time. The flags are candidates, not confirmed vulnerabilities, and still need manual verification before they are reported.
- Database Coverage: Supports MySQL, SQL Server, Oracle, and PostgreSQL, so the same checks apply regardless of which of these backends the target uses.
Highlights:
- Developed against the Burp Suite Java extension API; requires Burp Suite 2023.12.1 or later.
- Handles specific edge cases such as JSON request bodies whose encoding would otherwise break payload insertion, and supports binary matching to identify injection patterns.
DetSql aims to assist manual testers by reducing overhead and improving the accuracy of SQL injection vulnerability assessment.