[*]
In a previous tutorial, I had demonstrated how to use SqlMap to carry out Sql Injection on a website. In this tutorial, I will show you how to use Tor to add a layer of obscurity between you and the target website.
Installing Tor
[*]
Getting tor for Kali Linux is as simple as typing a single line in the terminal-
apt-get instal tor
If you have any problems installing, then do an apt-get update first.
Start Tor
This is also quite simple
tor
You’ll see something like this-
Root@kali:
-
Sep 04 02:41:25.806 [notice] Tor v0.2.8.7 (git-cc2f02ef17899f86) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h and Zlib 1.2.8.
Sep 04 02:41:25.806 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
Sep 04 02:41:25.806 [notice] Read configuration file “/etc/tor/torrc”.
Sep 04 02:41:25.811 [notice] Opening Socks listener on 127.0.0.1:9050
Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
Sep 04 02:41:26.000 [warn] You are running Tor as root. You don’t need to, and you probably shouldn’t.
Sep 04 02:41:26.000 [notice] Bootstrapped 0%: Starting
Sep 04 02:41:27.000 [notice] Bootstrapped 5%: Connecting to directory server
Sep 04 02:41:27.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
Sep 04 02:41:27.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
Sep 04 02:41:27.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
Sep 04 02:41:28.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
Sep 04 02:41:29.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
Sep 04 02:41:30.000 [notice] Bootstrapped 40%: Loading authority key certs
Sep 04 02:41:30.000 [notice] Bootstrapped 45%: Asking for relay descriptors
Sep 04 02:41:30.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7117, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
Sep 04 02:41:31.000 [notice] Bootstrapped 50%: Loading relay descriptors
Sep 04 02:41:34.000 [notice] Bootstrapped 55%: Loading relay descriptors
Sep 04 02:41:34.000 [notice] Bootstrapped 61%: Loading relay descriptors
Sep 04 02:41:34.000 [notice] Bootstrapped 66%: Loading relay descriptors
Sep 04 02:41:34.000 [notice] Bootstrapped 73%: Loading relay descriptors
Sep 04 02:41:34.000 [notice] Bootstrapped 78%: Loading relay descriptors
Sep 04 02:41:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
Sep 04 02:41:36.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
Sep 04 02:41:38.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
Sep 04 02:41:38.000 [notice] Bootstrapped 100%: Done
Important: Don’t close this terminal. Open a new terminal for further steps.
Testing with Sqlmap
Use this command
sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 –tor –tor-type=SOCKS5
[*]