I have a REST API running on a server.
Is there a way to detect an unexpected sqlmap analysis?
Asked
Active
Viewed 1,110 times
1 Answers
6
SQLMap works by sending a lot of different requests to the server. It is pretty easy to see the scan if you look at your server logs manually.
If you want to do it programatically, just look for SQL verbs in your logs in the input fields where they don't make sense (select, from, where, order by).
schroeder
- 123,438
- 55
- 284
- 319
-
3I believe it may have a unique user agent by default as well. Of course that can be changed, but some adversaries might not think to change it. – multithr3at3d Apr 15 '16 at 05:11
-
1yep ` --user-agent ` and `--random-agent`, actually – schroeder Apr 15 '16 at 05:14
-
What in case he uses a random agent? Is there a way to detect it? It seems soo easy to be anonymous otherwise. Thanks for your response – jscherman Apr 16 '16 at 00:49
-
1@jscherman Random agents will mimic real agents, and therefore undetectable as sqlmap – schroeder Apr 16 '16 at 01:18