WebSocket Sql Injection

I came accross a HackTheBox machine called Soccer which is pretty interesting in a point of WebSocket SQL Injection, Did some reaseach and found a blog from salmonsec and it's written in Python2, as we know Python2 is deprecated. I used golang and made this to easier my work. The specialty of my tool it can take multiple parameter eg: http://localhost:8000/?key1=value1&key2=value2

Installation

go install github.com/rudSarkar/websocket_sqli@latest

Server

Copy the WebSocket URL and use the -ws flag to pass the URL of WebSocket it will up and running then follow the SQLMAP

websocket_sqli -ws 'ws://soc-player.soccer.htb:9091/'

SQLMAP

sqlmap -u "http://127.0.0.1:8000/?id=73456" -p id --random-agent --dbs

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
.gitignore		.gitignore
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

README.md

README.md

go.mod

go.mod

go.sum

go.sum

main.go

main.go

Repository files navigation

WebSocket Sql Injection

Installation

Server

SQLMAP

About

Releases

Packages

Languages

rudSarkar/websocket_sql_injection

Folders and files

Latest commit

History

Repository files navigation

WebSocket Sql Injection

Installation

Server

SQLMAP

About

Resources

Stars

Watchers

Forks

Languages