Skip to content
Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure , it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions …
Python
Branch: master
Clone or download
Latest commit fffcd65 Jan 11, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore initial Jun 13, 2018
LICENSE Create LICENSE Jun 13, 2018
README.md Update README.md Jan 11, 2019
main.py initial Jun 13, 2018
request.txt Update request.txt Jun 13, 2018
requirements.txt

README.md

More details in the following blog post: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-music

A simple utility to help test AWS Lambda functions for SQL Injection vulnerabilities, using a local HTTP proxy, which transforms the SQLMap HTTP-based attacks to AWS Lambda invoke calls.

Run lambda-proxy

$ python3 main.py

Update request.txt, which is the file containing your Lambda function's event data, and run

$ sqlmap -r request.txt
You can’t perform that action at this time.