SQL Sniper

sqlsniper

A Chrome Extension that finds elements vulnerable to SQL Injections

By Montana Esguerra

To Run SQL Sniper:

1. git clone https://github.com/mje349/citrus_hack_2020_mje349
2. Open the Google Chrome browser and go to chrome://extensions
3. Turn on Developer Mode
4. Click on Load unpacked
5. Locate the cloned repo "citrus_hack_2020_mje349" and click Select Folder
6. The SQL Sniper icon should now appear with your Chrome extensions
7. You are now ready to go threat hunting!

Bugs

1. Currently, SQL Sniper identifies all input tags

NOTE

More work needs to be done on SQL Sniper for it to become the tool I designed it to be.

Future Features

1. Ability to detect the kinds of SQL injection a web app is vulnerable to, e.g. in-band SQLi, Union-Select attacks, time-based attacks, etc.

License

I'm making this project and its code free and available for everyone under the MIT License. You are free to use, copy, modify, merge, publish, distribute, etc. Use this project to learn - add on to your own project - make the world a better place!
