From 43a2215a135427edd5edd16a2dac3e518b675c69 Mon Sep 17 00:00:00 2001 From: Paul Johnston Date: Fri, 5 Jan 2018 14:02:56 +0000 Subject: [PATCH 1/5] Update description --- BappDescription.html | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/BappDescription.html b/BappDescription.html index 98bd57e..2e21ca9 100644 --- a/BappDescription.html +++ b/BappDescription.html @@ -2,22 +2,18 @@

Requirements:

-

SQLMap comes with a RESTful based server that will execute SQLMap scans. You can manually start the server -with:

-
 python sqlmapapi.py -s -H <ip> -p <port>
-
-

Alternatively, you can use the SQLMap API tab to select the IP/Port on which to run, as well as the path to python and sqlmapapi.py on your system. -

+

SQLMap is embedded within the extension; it will be automatically configured, so you can click Start API. +In some cases you may need to manually adjust the configuration or run the SQLMap API manually.

+

Once the SQLMap API is running, you just need to right-click in the 'Request' sub tab of either the Target or Proxy main tabs and choose 'SQLiPy Scan' from the context menu. +This will populate the SQLMap Scanner tab with information about that request. Clicking the 'Start Scan' button will execute a scan.

-This will populate the SQLMap Scanner tab with information about that request. Clicking the 'Start Scan' button will execute a scan. - -If the page is vulnerable to SQL injection, then these will be added to the Scanner Results tab. +

If the page is vulnerable to SQL injection, then these will be added to the Scanner Results tab.
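Review bot: the added paragraph says you may need to "run the SQLMap API manually", but this hunk deletes the only line that showed how (python sqlmapapi.py -s -H <ip> -p <port>). Keep that command as the fallback under the new paragraph, and say what "manually adjust the configuration" covers; the removed text named the IP/Port and the paths to python and sqlmapapi.py. In the unchanged last paragraph, "these will be added" has no antecedent; "the findings will be added" reads better.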

From 72c26c134ca30087b8e22cdd5decdecb048e727d Mon Sep 17 00:00:00 2001 From: PortSwigger Support Date: Thu, 4 Mar 2021 15:32:09 +0000 Subject: [PATCH 2/5] Manifest update --- BappManifest.bmf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/BappManifest.bmf b/BappManifest.bmf index 4ca6639..8f56682 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -3,9 +3,10 @@ ExtensionType: 2 Name: SQLiPy Sqlmap Integration RepoName: sqli-py ScreenVersion: 0.8.2 -SerialVersion: 18 +SerialVersion: 19 MinPlatformVersion: 0 ProOnly: False Author: Josh Berry @ CodeWatch ShortDescription: Initiates SQLMap scans directly from within Burp. EntryPoint: SQLiPy.py +BuildCommand: From eeadae358e8c4fa0384a3e2a734330148bf779bf Mon Sep 17 00:00:00 2001 From: PortSwigger Support Date: Tue, 20 Dec 2022 13:10:10 +0000 Subject: [PATCH 3/5] BApp Store update --- BappDescription.html | 4 ++-- BappManifest.bmf | 5 +++-- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/BappDescription.html b/BappDescription.html index a8109a6..2fdb70d 100644 --- a/BappDescription.html +++ b/BappDescription.html @@ -2,8 +2,8 @@

Requirements:

    -
  • Jython 2.7 beta, due to the use of json.
  • -
  • Java 1.7 or later (the beta version of Jython 2.7 requires this).
  • +
  • Jython 2.7 (up to 2.7.2) DO NOT USE Jython 2.7.3, it has a bug that will cause the extension to fail
  • +
  • Java 1.7 or later (the beta version of Jython 2.7 requires this). Note: Newer versions of Java do appear to work. Testing with jdk-11.0.7 works fine and newer versions are expected to work as well.
  • A running instance of the SQLMap API server.
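Review bot: the Java bullet still justifies "Java 1.7 or later" with "the beta version of Jython 2.7 requires this", but the Jython bullet above it no longer mentions the beta, so the parenthetical now refers to nothing. Drop or reword it, and replace "do appear to work" with the versions actually tested (the line already names jdk-11.0.7). In the Jython bullet the warning runs straight on from the version text with no punctuation; make it its own sentence, for example "Jython 2.7 (up to 2.7.2). Do not use Jython 2.7.3: it has a bug that will cause the extension to fail."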
diff --git a/BappManifest.bmf b/BappManifest.bmf index 8f56682..766afb2 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -2,11 +2,12 @@ Uuid: f154175126a04bfe8edc6056f340f52e ExtensionType: 2 Name: SQLiPy Sqlmap Integration RepoName: sqli-py -ScreenVersion: 0.8.2 -SerialVersion: 19 +ScreenVersion: 0.8.4 +SerialVersion: 21 MinPlatformVersion: 0 ProOnly: False Author: Josh Berry @ CodeWatch ShortDescription: Initiates SQLMap scans directly from within Burp. EntryPoint: SQLiPy.py BuildCommand: +SupportedProducts: Pro, Community From 203ef7fad7af661888a5d2f205d3582f5190537c Mon Sep 17 00:00:00 2001 From: PortSwigger Support Date: Thu, 8 Jun 2023 15:35:28 +0000 Subject: [PATCH 4/5] BApp Store update v0.8.5 --- BappManifest.bmf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/BappManifest.bmf b/BappManifest.bmf index 766afb2..0647478 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -2,8 +2,8 @@ Uuid: f154175126a04bfe8edc6056f340f52e ExtensionType: 2 Name: SQLiPy Sqlmap Integration RepoName: sqli-py -ScreenVersion: 0.8.4 -SerialVersion: 21 +ScreenVersion: 0.8.5 +SerialVersion: 22 MinPlatformVersion: 0 ProOnly: False Author: Josh Berry @ CodeWatch From 1a9c1a4ae14ca4d06872955eb03ead1bfc077c0f Mon Sep 17 00:00:00 2001 From: Hannah Law Date: Fri, 23 May 2025 09:14:54 +0000 Subject: [PATCH 5/5] BApp Store update v0.8.6 --- BappDescription.html | 31 +++++++++++++++++-------------- BappManifest.bmf | 2 +- 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/BappDescription.html b/BappDescription.html index 2fdb70d..74b0483 100644 --- a/BappDescription.html +++ b/BappDescription.html @@ -1,19 +1,22 @@ -

This extension integrates Burp Suite with SQLMap.

+

SQLiPy integrates SQLMap using its API, enabling SQL injection scans directly within Burp Suite. The plugin connects to a running instance of the SQLMap API server to perform scans on requests.

-

Requirements:

+

Features

    -
  • Jython 2.7 (up to 2.7.2) DO NOT USE Jython 2.7.3, it has a bug that will cause the extension to fail
  • -
  • Java 1.7 or later (the beta version of Jython 2.7 requires this). Note: Newer versions of Java do appear to work. Testing with jdk-11.0.7 works fine and newer versions are expected to work as well.
  • -
  • A running instance of the SQLMap API server.
  • +
  • Integrates SQLMap API for automated SQL injection scanning.
  • +
  • Option to manually start the SQLMap API server or connect to an existing one.
  • +
  • Initiates scans by right-clicking requests in the "Target" or "Proxy" tabs.
  • +
  • Displays scan results in the "Scanner Results" tab if vulnerabilities are detected.
-

SQLMap is embedded within the extension; it will be automatically configured, so you can click Start API. -In some cases you may need to manually adjust the configuration or run the SQLMap API manually.

+

Usage

+
    +
  1. Start the SQLMap API server manually with the following command:
    +
    python sqlmapapi.py -s -H <ip> -p <port>
    +
  2. +
  3. Alternatively, use the "SQLMap API" tab to select the IP/Port and provide the path to your sqlmapapi.py and Python installations.
  4. +
  5. Once the SQLMap API is active, right-click a request in the "Request" sub-tab of the "Target" or "Proxy" tabs and select "SQLiPy Scan".
  6. +
  7. The request details will populate the SQLMap Scanner tab. Click the "Start Scan" button to initiate the scan.
  8. +
  9. If the page is vulnerable to SQL injection, the plugin will poll the results and add them to the "Scanner Results" tab.
  10. +
-

Once the SQLMap API is running, you just need to right-click in the 'Request' -sub tab of either the Target or Proxy main tabs and choose 'SQLiPy Scan' from -the context menu. -This will populate the SQLMap Scanner tab with information about that request. Clicking the 'Start Scan' button will execute a scan.

- -

If the page is vulnerable to SQL injection, then these will be added to the Scanner Results tab. -

+

Note: Jython 2.7-2.7.2 is supported. DO NOT USE Jython 2.7.3, as it has a bug that will cause the extension to fail.
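Review bot: in the new Usage list, items 1 and 2 are alternatives (item 2 opens with "Alternatively") but are numbered as consecutive steps, so a reader working down the list will try to start the server twice. Fold them into one step with two options. The rewrite also drops the Java requirement and the statement that SQLMap is embedded and can be started with Start API; keep both if they still hold for this release. For the manual command, say which address to pass to -H: the server runs scans on request, so recommend 127.0.0.1 unless the API is meant to be reached from another host. In item 5, results are only described for the vulnerable case; say what the user sees when nothing is found.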

diff --git a/BappManifest.bmf b/BappManifest.bmf index cab7b0d..97c8273 100644 --- a/BappManifest.bmf +++ b/BappManifest.bmf @@ -3,7 +3,7 @@ ExtensionType: 2 Name: SQLiPy Sqlmap Integration RepoName: sqli-py ScreenVersion: 0.8.6 -SerialVersion: 23 +SerialVersion: 24 MinPlatformVersion: 0 ProOnly: False Author: Josh Berry @ CodeWatch
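Review bot: this hunk does not follow from patch 4/5. Its index line starts from blob cab7b0d, while 4/5 left BappManifest.bmf at 0647478, and the unchanged context already shows ScreenVersion: 0.8.6 and a starting SerialVersion of 23, where 4/5 set 0.8.5 and 22. A commit between 4/5 and 5/5 is missing from the series; include it or regenerate the patches so they apply in order. Since the subject says v0.8.6 but the only manifest change here is the serial bump, mention in the commit message where the ScreenVersion change landed.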