Blinderra

Hard | Web Security

Overview

A new student portal has been launched. Can you dig deep enough to uncover what lies hidden within its pages? Flag format: Flag{text}

Lab Details

Prerequisites & Requirements

  • How SQL works (queries, SELECT, WHERE, FROM, etc.).
  • What SQL Injection (SQLi) is, and specifically Boolean-based Blind SQLi.
  • How HTTP requests and responses work (query parameters, GET/POST).
  • Basic Python scripting (loops, string operations, HTTP requests).
  • Familiarity with database metadata tables like information_schema in MySQL.
  • Basic cryptography knowledge.
  • Familiarity with hash cracking tools.

What will you learn?

  • How to detect Boolean-based Blind SQL Injection.
  • How to exploit blind SQLi manually using crafted payloads.
  • How to automate extraction with a Python script.
  • Techniques to bypass input filters (e.g., replacing space with %09).
  • How to enumerate:

Tools

  • Web Browser → To interact with the vulnerable app manually.
  • Burp Suite (optional) → To intercept and test SQLi payloads.
  • Python 3 → To automate the exploitation process.
  • Requests library → For sending HTTP requests inside the Python script.
  • Text editor/IDE (VS Code, Sublime, etc.) → For writing your script.

Job Positions

Application Security Engineer

Tags

  • SQL Injection
  • WAF Bypass
  • Input Validation
  • OWASP Top 10
  • Broken Access Control