In this section, we are going to learn how we can automate a test case for SQL injection in mitmproxy, creating an inline script that we use, the request handler, and some of the things we learned in the previous sections.
Automating SQLi in mitmproxy
SQLi process
The objective of this section is to create an inline script for an mitmproxy, which will allow us to test SQL injection in every URL that has a parameter:
So the process is that, for every URL that has parameters, we need to replace each parameter value with FUZZ while conserving the rest of the parameter values. We do this instead of replacing all the values with FUZZ at once. Then, we replace the FUZZ string in each URL with each value in the injections array...
