I am unable to install BBQSQL:

andrew@andrew-desktop:~$ sudo pip2.7 install bbqsql
Collecting bbqsql
  Downloading BBQSQL-1.2.tar.gz (41kB)
    100% |████████████████████████████████| 51kB 1.1MB/s 
Requirement already satisfied: gevent in /usr/local/lib/python2.7/dist-packages/gevent-1.2.2-py2.7-linux-x86_64.egg (from bbqsql)
Collecting requests<1.0 (from bbqsql)
  Downloading requests-0.14.2.tar.gz (361kB)
    100% |████████████████████████████████| 368kB 1.3MB/s 
    Complete output from command python setup.py egg_info:
    running egg_info
    creating pip-egg-info/requests.egg-info
    writing pip-egg-info/requests.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/requests.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/requests.egg-info/dependency_links.txt
    writing manifest file 'pip-egg-info/requests.egg-info/SOURCES.txt'
    Traceback (most recent call last):
      File "<string>", line 1, in <module>
      File "/tmp/pip-build-vUnK60/requests/setup.py", line 69, in <module>
        'Programming Language :: Python :: 3.3',
      File "/usr/lib/python2.7/distutils/core.py", line 151, in setup
        dist.run_commands()
      File "/usr/lib/python2.7/distutils/dist.py", line 953, in run_commands
        self.run_command(cmd)
      File "/usr/lib/python2.7/distutils/dist.py", line 972, in run_command
        cmd_obj.run()
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/egg_info.py", line 279, in run
        self.find_sources()
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/egg_info.py", line 294, in find_sources
        mm.run()
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/egg_info.py", line 525, in run
        self.add_defaults()
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/egg_info.py", line 561, in add_defaults
        sdist.add_defaults(self)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/py36compat.py", line 34, in add_defaults
        self._add_defaults_python()
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/sdist.py", line 133, in _add_defaults_python
        build_py = self.get_finalized_command('build_py')
      File "/usr/lib/python2.7/distutils/cmd.py", line 311, in get_finalized_command
        cmd_obj = self.distribution.get_command_obj(command, create)
      File "/usr/lib/python2.7/distutils/dist.py", line 845, in get_command_obj
        klass = self.get_command_class(command)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/dist.py", line 491, in get_command_class
        self.cmdclass[command] = cmdclass = ep.load()
      File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2302, in load
        return self.resolve()
      File "/usr/local/lib/python2.7/dist-packages/pkg_resources/__init__.py", line 2308, in resolve
        module = __import__(self.module_name, fromlist=['__name__'], level=0)
      File "/usr/local/lib/python2.7/dist-packages/setuptools/command/build_py.py", line 12, in <module>
        from six.moves import map, filter, filterfalse
    ImportError: cannot import name filterfalse
    
    ----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-vUnK60/requests/

If you run X number of queries, data should be formatted nicely into CSV files (either one per query or maybe one monolithic csv file). CSV files should contain enough information to be useful (URL hit, Query run, etc.) as well as the data itself.

I don't think this is a big need, but some folks just love command line. I could work on this probably but I don't think this should be high on the milesone list.

Needs to have ASCII smoke coming off of it.

Thanks for this wonderful bbqsql Team.
You have saved me from doing a little script in order to do a special SQLInyection.

The problem is that when I run the attack ((5) Run Exploit) the program breaks with:

bbqsql> 5
Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in init
bbq = bbqsql.BlindSQLi(**attack_config)
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/api.py", line 128, in init
self.requester = requester_type(comparison_attr=comparison_attr, *_kwargs)
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/requester.py", line 122, in init
self.session = requests.session(_args,**kwargs)
TypeError: session() takes no arguments (5 given)

I have read that I have to downgrade the requests to 0.14.2
(sudo pip install requests==0.14.2 --upgrade) but that didn't work.

Right now i have:
requests 1.1.0
gevent 0.13.8
greenlet 0.4.0

And the config file have:

XXX@XXX:~/XXXXX/$ cat attack.cfg
[Request Config]
url = http://XXXXXX.php?XXXXX=XXX${injection}
headers = {'{'"User-Agent"'': ''"Mozilla/5.0 (compatible; Googlebot/2.1; +http'}'}
allow_redirects = False
proxies = {'http': 'XX.XX.XX.XX:80'}
method = GET

[HTTP Config]
query = and ASCII( SUBSTR( ( CURRENT_USER ( ) ) ,${char_index:1} , 1 ) ) ${comparator:>}${char_val:0}
csv_output_file = XXXX
technique = binary_search
comparison_attr = size
concurrency = 10

Thanks for all! :)

Fefa

$ sudo pip install bbqsql
Collecting bbqsql
Using cached BBQSQL-1.2.tar.gz
Collecting gevent (from bbqsql)
Using cached gevent-1.0.1.tar.gz
Collecting requests<1.0 (from bbqsql)
Using cached requests-0.14.2.tar.gz
Complete output from command python setup.py egg_info:
Traceback (most recent call last):
File "", line 20, in
File "/tmp/pip-build-t6900f9w/requests/setup.py", line 6, in
import requests
File "/tmp/pip-build-t6900f9w/requests/requests/init.py", line 52, in
from . import utils
File "/tmp/pip-build-t6900f9w/requests/requests/utils.py", line 22, in
from .compat import parse_http_list as _parse_list_header
File "/tmp/pip-build-t6900f9w/requests/requests/compat.py", line 112, in
from .packages import chardet2 as chardet
ImportError: cannot import name 'chardet2'

----------------------------------------
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-t6900f9w/requests

simple import chardet
topical for python 3

interface exists from concurrency, but it hasn't been implemented yet in blindtechnique

Some sort of curses interface would be nice

It would be nice to have a place with a few example queries (starting points). Not sure how to render the examples (either a text file, or maybe you could hit a key in the menu to print them to the screen).

Hello. I am new to BBQ SQL, but I can't seem to find discussions on syntax anywhere online. It's probably intuitive if I try enough things, but would it be possible to include sample url inputs and http queries in the readme?

I installed BBQSQL-1.1.tar.gz via pip with gevent-0.13.8.tar.gz, requests-0.14.0.tar.gz and greenlet-0.4.0.zip. I configure bbqsql to target a local web script which just logs the query string. Strangely the log-file just shows these query strings:

id=%7Binjection%7D

In short, the placeholder is not used. I'm sorry if the configuration is faulty or I overlooked something obvious, but I tested it on two machines and I can't see the problem.

Regards
Andreas

The exported config:

[Request Config]
url = http://localhost/cgi-bin/x.cgi?id={injection}
method = GET

[HTTP Config]
query = ' and ASCII(SUBSTR((SELECT data FROM data ORDER BY id LIMIT 1 OFFSET ${row_index:1}),${char_index:1},1))${comparator:>}${char_val:0} #
technique = binary_search
comparison_attr = size
concurrency = 30

The script:

!/bin/bash

echo "Content-type: text/plain"
echo ""
echo "$QUERY_STRING" >> /tmp/sql.log

Parse and store cookies received in response headers. Send these cookies for future requests. This will allow for apps that have cookies w/ built in timeouts.

We need to determine what our HTTP request will look like. Bellow are the
available HTTP parameters. Please enter the number of the parameter you
would like to edit. When you are done setting up the HTTP parameters,
you can type 'done' to keep going.

0) files
1) headers
2) cookies
3) url
   Value: http://natas15.natas.labs.overthewire.org/index.php
4) allow_redirects
5) proxies
6) data
   Value: {'username': 'natas16'}
7) method
   Value: post
8) auth

Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 100, in init
requests_config.run_config()
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/config.py", line 259, in run_config
print "\t Value: %s" % self[key]['value']
TypeError: not all arguments converted during string formatting

The row length shouldn't be bumped up in size based on the longest row.

i need hep in time method
while i put this value in query
if(ASCII(SUBSTRING((SELECT @@Version LIMIT 1 OFFSET ${row_index}) , ${char_index} ,1))) ${comparator:>}ASCII(${char_val}) WAITFOR DELAY '0:0:0${sleep}'

but this didnt work it give true and bbqsql then stop
sure my value is not correct so what is the solution
this is the output before it stop

Injecting into 'url' parameter
It looks like this: http://www.x.com/y/z.php?action=get_new_price&id_pack=58&pack_page=1&productsAttribute[]=73231&products_exclude[]=1%20if%28ASCII%28SUBSTRING%28%28SELECT%20%40%40version%20LIMIT%201%20OFFSET%200%29%20%2C%201%20%2C1%29%29%29%20%3EASCII%28%29%20WAITFOR%20DELAY%20%270%5C%3A0%5C%3A0%27&qty=1&qtys[]=1
we will be treating this as a 'true' response
for the sample requests, the response's 'time' were the following :
[0.3397238254547119, 0.16059422492980957, 0.16398906707763672, 0.1356668472290039]

I'll probably get to this today.

People are emailing me with install issues.... Fix setup.py

Frequency search seems to be broken.

Some Weird checks have been in place on the server which i am testing. It doesn’t allow me to use SUBSTRING function of mysql which takes in SUBSTRING(str, pos, len). But i want to use LEFT function LEFT(string, length). I think so this function is not supported yet by bbqsql or i dont know how to utilize it.

Hello,

Any tricks for disabling SSLv3 support. I'm running on Debian testing OS.

I have just installed that with : pip install bbqsql

Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 3, in
from bbqsql import *
File "/usr/local/lib/python2.7/dist-packages/bbqsql/init.py", line 31, in
from menu import bbqMenu
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/init.py", line 1, in
from bbq_menu import bbqMenu
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 4, in
from config import RequestsConfig,bbqsqlConfig
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/config.py", line 13, in
from gevent import socket
File "/usr/local/lib/python2.7/dist-packages/gevent/socket.py", line 659, in
from gevent.ssl import sslwrap_simple as ssl, SSLError as sslerror, SSLSocket as SSLType
File "/usr/local/lib/python2.7/dist-packages/gevent/ssl.py", line 386, in
def get_server_certificate(addr, ssl_version=PROTOCOL_SSLv3, ca_certs=None):
NameError: name 'PROTOCOL_SSLv3' is not defined

Thanks in advance.

The way SQL map displays results after a query is finished running is nice. Basically they format the table like

*Here is my Query *

Results
*Results
*Results
*78 rows and took 389 seconds

They then clip any query that is more than I think 80 Rows (since viewing that in a terminal window can be a little much) and default to spit the output in a file if the query returns back a ton of data (think dumping 80,000 hashes for example).

I think the version on pip is fairly outdated

right now, if things don't work, you never know why.

I would like to change things so there are two overall modes:

- a database dumping mode (the current mode)
- a debugging mode that prints each url that is attempted and whether is is getting evaluated as true/false. Maybe in debug mode it wouldn't try to run the attack, but just makes the necessary requests for establishing true/false (the initial requests that are made before the attack.).

Alternatively, it could make the setup requests and then prompt the user to see if they look right.

i need hep in time method
while i put this value in query
if(ASCII(SUBSTRING((SELECT @@Version LIMIT 1 OFFSET ${row_index}) , ${char_index} ,1))) ${comparator:>}ASCII(${char_val}) WAITFOR DELAY '0:0:0${sleep}'

but this didnt work it give true and bbqsql then stop
sure my value is not correct so what is the solution
this is the output before it stop

Injecting into 'url' parameter
It looks like this: http://www.x.com/y/z.php?action=get_new_price&id_pack=58&pack_page=1&productsAttribute[]=73231&products_exclude[]=1%20if%28ASCII%28SUBSTRING%28%28SELECT%20%40%40version%20LIMIT%201%20OFFSET%200%29%20%2C%201%20%2C1%29%29%29%20%3EASCII%28%29%20WAITFOR%20DELAY%20%270%5C%3A0%5C%3A0%27&qty=1&qtys[]=1
we will be treating this as a 'true' response
for the sample requests, the response's 'time' were the following :
[0.3397238254547119, 0.16059422492980957, 0.16398906707763672, 0.1356668472290039]

Saw that it was removed, we should include an example somewhere...What do you think?

The GUI display when running a 2nd binary search flashes in/out as well as looks as if it freezes up. Seems to pull the data correctly however.

Because settings.py imports requester.py we almost have a circular import problem. I want to start getting rid of settings.py. With the exception of some of the color settings, it just causes too much coupling.

I get this message when I try to run the demo.

I don't think anyone has ever used this tool.

bbqsql> 5
Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/local/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in init
bbq = bbqsql.BlindSQLi(**attack_config)
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/api.py", line 128, in init
self.requester = requester_type(comparison_attr=comparison_attr, *_kwargs)
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/requester.py", line 122, in init
self.session = requests.session(_args,**kwargs)
File "/usr/local/lib/python2.7/dist-packages/requests-0.14.1-py2.7.egg/requests/sessions.py", line 328, in session
return Session(**kwargs)
TypeError: init() got an unexpected keyword argument 'data'
root@btoews-ubuntu:/var/www/sqlivuln/public_html#

Patt Madden's idea of looking at the probability to decide where to split for the binary search

The test_server.py craps out in osx if it receives more than ~35 concurrent requests. Any thoughts on this?

add a timer to the console showing how long the test has been running and requests/time.

Get a readme.md finished before the talk. I'm working on this now, it's gonna take a bit of time but I should be able to finish before we talk.

check how hard it is to use the hooks from the api

When i run the application it throws this error back:

Traceback (most recent call last):
File "/usr/local/bin/bbqsql", line 3, in
from bbqsql import *
File "/usr/local/lib/python2.7/dist-packages/bbqsql/init.py", line 30, in
from lib import *
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/init.py", line 1, in
import api
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/api.py", line 3, in
from .technique import *
File "/usr/local/lib/python2.7/dist-packages/bbqsql/lib/technique.py", line 8, in
from gevent.coros import Semaphore
ImportError: No module named coros

I installed the latest version, and beforehand purged what was there before.
ACE

Ubuntu VM ... running demo ... the prompt on the menu takes several seconds to popup. This makes entering stuff a little painful.

if you hit the delete key when typing a url things get all scrambled like on the screen.

I think this is a gevent or libevent bug

Hi!

I'm trying to run your tool BBQSQL. First I tried to install it using the current version from github and after that I installed it with "pip install bbqsql". The program starts, I enter the URL and finally select "5) Run Exploit" and I get an error. The error for both the github and the pip version is almost identical and looks like this:

Traceback (most recent call last):
  File "/usr/local/bin/bbqsql", line 16, in <module>
    bbqMenu()
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in __init__
    bbq = bbqsql.BlindSQLi(**attack_config)
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/api.py", line 128, in __init__
    self.requester = requester_type(comparison_attr=comparison_attr, **kwargs)
  File "/usr/local/lib/python2.6/dist-packages/bbqsql/lib/requester.py", line 122, in __init__
    self.session = requests.session(*args,**kwargs)
TypeError: session() takes no arguments (2 given)​

I'm using BackTrack 5 RC2 (32 bit) and the following packages are installed:

root@bt:~# pip install bbqsql
Requirement already satisfied: bbqsql in /usr/local/lib/python2.6/dist-packages
Requirement already satisfied: gevent in /usr/local/lib/python2.6/dist-packages/gevent-0.13.8-py2.6-linux-i686.egg (from bbqsql)
Requirement already satisfied: requests in /usr/local/lib/python2.6/dist-packages/requests-1.1.0-py2.6.egg (from bbqsql)
Requirement already satisfied: argparse in /usr/local/lib/python2.6/dist-packages/argparse-1.2.1-py2.6.egg (from bbqsql)
Requirement already satisfied: greenlet in /usr/local/lib/python2.6/dist-packages/greenlet-0.4.0-py2.6-linux-i686.egg (from gevent->bbqsql)
Installing collected packages: argparse, bbqsql, gevent, greenlet, requests
Successfully installed bbqsql

Thank you and kind regards,
Martin

requires vs. required. dont have time to figure it out right now

First time I tried to use bbqsql. But when i go to run the exploit i get errors. So i just tried with default configuration but same error.

Here is the error:
Traceback (most recent call last):
File "/usr/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in init
bbq = bbqsql.BlindSQLi(**attack_config)
File "/usr/lib/python2.7/dist-packages/bbqsql/lib/api.py", line 128, in init
self.requester = requester_type(comparison_attr=comparison_attr, **kwargs)
File "/usr/lib/python2.7/dist-packages/bbqsql/lib/requester.py", line 122, in init
self.session = requests.session(*args,**kwargs)
TypeError: session() takes no arguments (2 given)

Hi there,

I'm running a fresh Kali rolling box with the latest updates. I watched the video (https://www.youtube.com/watch?v=I4XRnuAA-aA) and am attempting some tests in my own network, but no matter what values I feed BBQSL, it bombs with:

Traceback (most recent call last):
File "/usr/bin/bbqsql", line 16, in
bbqMenu()
File "/usr/lib/python2.7/dist-packages/bbqsql/menu/bbq_menu.py", line 182, in init
bbq = bbqsql.BlindSQLi(**attack_config)
File "/usr/lib/python2.7/dist-packages/bbqsql/lib/api.py", line 128, in init
self.requester = requester_type(comparison_attr=comparison_attr, *_kwargs)
File "/usr/lib/python2.7/dist-packages/bbqsql/lib/requester.py", line 122, in init
self.session = requests.session(_args,**kwargs)
TypeError: session() takes no arguments (2 given)

Seems like it might be a system config issue rather than something with the tool? Not sure. Any ideas?

Thanks,
Brian

If we only have n rows to query, only iterate that amount on row_index. For example, if I know I have 1 row in my result set, it should only iterate the column index.

when trying to install with
sudo pip install bbqsql

i get the following error
error: could not create '/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7/greenlet': Operation not permitted

This is because from EL Capitan OS X no longer allows software to be installed in system directories,
not even by root.

Is there an option to set a different install directory?