docs for sqli (#66)

docs for sqli
mushorg · Aug 7, 2016 · e94a74c · e94a74c
1 parent 4e8e98a
commit e94a74c
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 12 deletions.
diff --git a/data/db_config.json b/data/db_config.json
@@ -4,18 +4,12 @@
     {
       "table_name": "users",
       "schema": "CREATE TABLE users (id INTEGER PRIMARY KEY, username text, email text, password text);",
-      "data_tokens": "I,L,E,P",
-      "requests": [
-        "SELECT username FROM users WHERE id="
-      ]
+      "data_tokens": "I,L,E,P"
     },
     {
       "table_name": "comments",
       "schema": "CREATE TABLE comments (id INTEGER PRIMARY KEY, comment text);",
-      "data_tokens": "I,T",
-      "requests": [
-        "SELECT comment FROM comments WHERE id="
-      ]
+      "data_tokens": "I,T"
     }
   ]
 }
diff --git a/docs/source/db_setup.rst b/docs/source/db_setup.rst
@@ -0,0 +1,56 @@
+DB Setup
+========
+
+To setup a database for sqli emulation TANNER provides ``db_config.json`` file, which stores the configuration of a database.
+``db_config.json`` has the following structure:
+
+::
+
+    {
+        "name": "db name"
+        "tables":[
+            {
+                "table name": "name of the table"
+                "schema": "the result of sqlite3 command .schema, create table expression"
+                "data_tokens": "types of data in the columns"
+            }
+        ]
+    }
+
+
+Default ``db_config.json``:
+
+::
+
+    {
+      "name": "test1",
+      "tables": [
+        {
+          "table_name": "users",
+          "schema": "CREATE TABLE users (id INTEGER PRIMARY KEY, username text, email text, password text);",
+          "data_tokens": "I,L,E,P"
+        },
+        {
+          "table_name": "comments",
+          "schema": "CREATE TABLE comments (id INTEGER PRIMARY KEY, comment text);",
+          "data_tokens": "I,T"
+        }
+      ]
+    }
+
+You can change default config to make your own db structure.
+
+Data tokens
+~~~~~~~~~~~
+
+Data tokens are used for filling the database with dummy data.
+There are 4 default tokens:
+        * **I** -- integer id
+        * **L** -- login/username
+        * **E** -- email
+        * **P** -- password
+        * **T** -- piece of text
+
+
+**Note**: TANNER uses the default linux wordlist (``/usr/share/dict/words``) for data.
+If you don't have the default wordlist in your system, install it or put it manually in ``/usr/share/dict``.
diff --git a/docs/source/emulators.rst b/docs/source/emulators.rst
@@ -2,7 +2,7 @@ Emulators
 ---------
 RFI emulator
 ~~~~~~~~~~~~
-Emulate RFI_ vulnerability. This attack type is detected with pattern: 
+It emulates RFI_ vulnerability. This attack type is detected with pattern:
 
 ::
 
@@ -22,7 +22,7 @@ RFI emulation include two steps:
 
 LFI emulator
 ~~~~~~~~~~~~
-Emulate LFI_ vulnerability. This attack type is detected with pattern: 
+It emulates LFI_ vulnerability. This attack type is detected with pattern:
 
 ::
 
@@ -59,7 +59,7 @@ When LFI attack is detected, LFI emulator:
 
 XSS emulator
 ~~~~~~~~~~~~
-Emulate XSS_ vulnerability. This attack type is detected with pattern:
+It emulates XSS_ vulnerability. This attack type is detected with pattern:
 
 ::
 
@@ -73,7 +73,19 @@ Emulator returns the script body and the page, into which this script must be in
 * Page is selected from the current session paths (see :doc:`sessions`). It's the last page with mime type ``text/html``.
 * Script is injected into page on SNARE side.
 
+SQLi emulator
+~~~~~~~~~~~~~
+
+It emulates `SQL injection`_ vulnerability. This attack is detected by ``libinjection``. To install ``libinjection``, see the official manual_.
+
+The emulator copies the original database (see :doc:`db_setup` for more info about db) to a dummy database for every attacker.
+It uses UUID of the session for the attacker's db name. Every query is executed on the attacker's db.
+The emulator returns the result of the execution and the page where SNARE should show the result.
+
+
 .. _RFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Remote_File_Inclusion
 .. _PHPox: https://github.com/mushorg/phpox
 .. _LFI: https://en.wikipedia.org/wiki/File_inclusion_vulnerability#Local_File_Inclusion
-.. _XSS: https://en.wikipedia.org/wiki/Cross-site_scripting
+.. _XSS: https://en.wikipedia.org/wiki/Cross-site_scripting
+.. _SQL injection: https://en.wikipedia.org/wiki/SQL_injection
+.. _manual: https://github.com/client9/libinjection/wiki/doc-sqli-python