Using sqlmap with Tor on Kali Linux

In pentesting, sqlmap is a wonderful tool for probing a target system for SQL injection. Sometimes, during a pentest from your Kali Linux environment, you may need to route sqlmap through a Tor proxy to hide your IP. Here I want to share concisely how to do it:

First, prepare a torinstaller.sh script:



#!/bin/sh
# Run as root: the script edits files under /etc and installs packages.

# Add the Tor Project package repository.
echo "deb http://deb.torproject.org/torproject.org wheezy main" >> /etc/apt/sources.list
clear
echo "[*] Installing the keys...."
# Fetch the signing key by its full fingerprint rather than the short key ID.
gpg --keyserver keys.gnupg.net --recv-keys A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
echo "Ready!!"
clear
echo "[*] Updating Repositories...."
apt-get update
clear
echo "[*] Installing TOR"
apt-get install -y deb.torproject.org-keyring
apt-get install -y tor
echo "Ready!!"
echo "[*] Installing Vidalia"
apt-get install -y vidalia
echo "Ready!!"
clear
echo "[*] Installing Privoxy"
apt-get install -y privoxy
echo "[*] Configuring privoxy"
# Send all Privoxy traffic to the local Tor SOCKS5 port; the trailing "." means no HTTP parent proxy.
echo "forward-socks5 / 127.0.0.1:9050 ." >> /etc/privoxy/config
echo "Ready!!"
systemctl start tor.service
service privoxy restart
echo "Tor has been installed successfully."


Then make the file executable and run it to install Tor:

chmod a+x torinstaller.sh
./torinstaller.sh

So far we have installed Tor, Vidalia (a graphical UI for Tor) and Privoxy (a proxy tool).

Now open /etc/privoxy/config (for example with “vim /etc/privoxy/config”) and uncomment the following line:

forward-socks5 / 127.0.0.1:9050 .

Honestly, on my system, starting the tor service (systemctl start tor.service) gave the following error or warning: Job for tor.service failed. See ‘systemctl status tor.service’ and ‘journalctl -xn’ for details.

Besides that, Vidalia was regularly dropping off the network. It may be because I was studying in a VirtualBox VM environment.

But the tor service was still running:

root@kali:~# netstat -antlp | grep LISTEN
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN 1724/tor
tcp6 0 0 ::1:8118 :::* LISTEN 1727/privoxy

This means our SOCKS5 listener is active. So, let’s try it in Iceweasel. First download the AutoProxy add-on and activate it:

[Screenshot: Proxy Management]

Then, under Preferences -> Advanced -> Network -> Settings, select Proxy Server in the menu and select Choose Proxy Server as follows:

[Screenshot: Proxy Management]

Switch the Iceweasel AutoProxy button (in the upper right) to green (global proxy) mode. Now you should be able to connect to the Tor network via Iceweasel:

[Screenshot: Tor Connection]

We can successfully connect over the SOCKS5 proxy. I guess we can wholeheartedly start using sqlmap with its Tor parameters:

sqlmap --tor --tor-type=SOCKS5 --tor-port=9050 -u "http://www.targetdummywebsite/category.php?id=1" --risk=3 --level=5 -p id --random-agent --dbs

To be able to use tools such as nmap over Tor, you can download and use the proxychains tool:

apt-get install proxychains

echo socks5 127.0.0.1 9050 >> /etc/proxychains.conf

[Screenshot: Proxy Chains]
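The checks below are an added example, not part of the original post: they lint the two files this page edits, confirming that the Privoxy forward-socks5 rule is active (uncommented, with the trailing dot) and that proxychains has the socks5 entry. The function names and the sample config files are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint the proxy settings from this page. Function names and
# the sample files are constructed for illustration; no network access needed.

# True if CONFIG has an active (uncommented) rule forwarding all URLs ("/") to
# the SOCKS5 proxy HOST:PORT; the trailing "." means "no HTTP parent proxy".
privoxy_forwards_to() {    # usage: privoxy_forwards_to CONFIG HOST:PORT
    awk -v want="$2" '
        /^[ \t]*#/ { next }    # commented-out lines are inactive
        $1 == "forward-socks5" && $2 == "/" && $3 == want && $4 == "." { ok = 1 }
        END { exit !ok }' "$1"
}

# Prints the number of active forward-socks5 rules. Each run of the installer
# appends one more with ">>", so a count above 1 points to duplicates.
privoxy_rule_count() {     # usage: privoxy_rule_count CONFIG
    awk '/^[ \t]*#/ { next } $1 == "forward-socks5" { n++ } END { print n + 0 }' "$1"
}

# True if the proxychains CONFIG has an active "socks5 HOST PORT" entry.
proxychains_has_socks5() { # usage: proxychains_has_socks5 CONFIG HOST PORT
    awk -v h="$2" -v p="$3" '
        /^[ \t]*#/ { next }
        $1 == "socks5" && $2 == h && $3 == p { ok = 1 }
        END { exit !ok }' "$1"
}

# Constructed sample files (not real system configs), removed on exit.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '#forward-socks5 / 127.0.0.1:9050 .' \
    'forward-socks5 / 127.0.0.1:9050 .' 'forward-socks5 / 127.0.0.1:9050 .' \
    > "$SAMPLE_DIR/privoxy_ok"
printf '%s\n' '# forward-socks5 / 127.0.0.1:9050 .' 'forward-socks5 / 127.0.0.1:9050' \
    > "$SAMPLE_DIR/privoxy_bad"
printf '%s\n' '[ProxyList]' '#socks4 127.0.0.1 9050' 'socks5 127.0.0.1 9050' \
    > "$SAMPLE_DIR/proxychains"

for f in privoxy_ok privoxy_bad; do
    if privoxy_forwards_to "$SAMPLE_DIR/$f" 127.0.0.1:9050; then
        echo "$f: active rule found, $(privoxy_rule_count "$SAMPLE_DIR/$f") in total"
    else
        echo "$f: no active forward-socks5 rule for 127.0.0.1:9050"
    fi
done
proxychains_has_socks5 "$SAMPLE_DIR/proxychains" 127.0.0.1 9050 &&
    echo "proxychains: socks5 127.0.0.1 9050 present"
```

To check a real system, call the functions with /etc/privoxy/config and /etc/proxychains.conf in place of the sample files.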

It is even possible to use Metasploit over the Tor proxy. You only need to set up your proxy when running your exploit:

[Screenshot: Metasploit]

Remember, infiltrating a system without the owner’s consent is illegal and a cyber crime, even if you do nothing. Please get your agreement in place first and then test the system. Happy pentesting days.