SQLViking
SQLViking copied to clipboard
Atticuss
sniff/log database traffic or actively execute arbitrary queries via TCP injection
right now, every established tcp connection is tracked. need to implement logic to remove tracking of conns assumed to not be db related and to known bad conn list. will...
look into the feasability of using tcp injection during mysql connection phase to instructs clients to use mysql_old_password auth protocol. would allow for easy stealing of passwords due to weak...
pymysql doesn't handle replies to COM_FIELD_LIST. have to build parser.
Right now Scapy picks the interface to listen on, should be able to specify which
Ability to import private keys to decrypt traffic. Capturing/importing of public keys to enable pillage tool to work over encrypted traffic.
Separate the threads to start/stop separately to provide a way to execute each function separately for later parsing in future tools
Occasionally an error will get thrown claiming [TCP] does not exist in pkt. Why? Scapy filter already set to capture only TCP traffic.
sql reqs/resps need to be logged by their origins so all known dbs and clients can be tracked. long term goal: build known schema by passively watching queries.