Suyla

Suyla is the god takes the victim's soul to Ulgen. This for reason has been put tool name Suyla. Suyla's main purpace by changing http header values sending to target system.

Above Process could be perform with http GET and POST methods.

REQUIREMENTS

  • sys

  • os

  • colorama

  • requests

  • json

  • re

USAGE AND EXECUTION LOGIC

For example this process structre and descriptions made using portswigger blind sql injection lab is as following.In initial phase process interfaces is passed with url command. After that is entered http method type and target domain.(Http Methods: GET and POST)

After these proceses operation mode interface is passed with edit command. And In this interface will change http header is entered.

After this input is entered http header value and passed send operation menu. If you choose send command, this value sent to target and received response.

If you want could be this response html output, or instead you can search return word in this response.(In this cookie value of sql payload is tries detect administrators user's password length)

If in blind process is created a payload list. After that , this values added to determined place.(Determined place is expressed '$' and '#' characters, to be increased place is expressed with double '?')

INCREASED PLACE
DETERMONED PLACE

After typing 'ok' and completing the payload list. After this process is entered a word for check true result, (In this attack attention is paid changes on page.) and is entered increase value. In this way payload list as much as the increase value tries on target system.(In initial phase increase value is 1)

EXECUTION LOGIC

In this section we will explain how suyla's does it perform this process.

  1. ‘?’ characters search in the entered http value and this result assignment to ‘plus_result’ variable.

  2. ‘$’ and ‘#’ characters search in the entered http value and this result assignment to ‘find_result’ variable.

  3. After , ‘plus_result’ content checked here.

See the source code for details that cannot be described here. Source code. Give it a click if you like.