I've just uploaded the latest version of SQLBrute. This includes a lot of code cleanup, and a few bug fixes. I've also uploaded a Windows binary version of SQLBrute, made using py2exe, for those of you without Python, or who are having problems getting SQLBrute to work (which is usually due to an old version of Python). And, as always, you can find a walkthrough of how to use SQLBrute in my archived posts.
This is going to be the final version of SQLBrute to be released in Python. I've started redevelopment as a .NET Windows Forms application, and all new features, exploit techniques, and fun stuff will be rolled into that version (more detail to come as I approach something releasable).
Found this useful? Then Digg It.
Daniel Cuthbert commented about adding proxy server support to SQLBrute. Well, a nice (and perhaps a little obscure) feature of urllib2 (which SQLBrute uses to send HTTP requests) is that you get HTTP proxy support out of the box. All you need to do is set your environment to point to the server, either by setting the http_proxy environment variable to point to your proxy, or (on Windows) by setting Internet Explorer to point to your proxy.
If setting the environment variable, on the Windows command line you can do this:
set http_proxy=myproxy:8080
Which should point it to your proxy. The same works for Unix/Linux with whatever export or set command is relevant for your shell.
The proxy support in urllib2 doesn't support authentication so if you have a proxy with authentication you might want to chain SQLBrute through your favourite local proxy (i.e. Burp, Paros etc) and have that handle the authentication for you. Enjoy!
Found this useful? Then Digg It.
