Anonymity of SQLMAP with TOR Proxy – Kali Linux 2018

In a previous tutorial, we discussed how to use SQLMAP for exploitation of websites and in this, we’ll discuss more about anonymity which definitely adds an extra layer of protection between you and your target.

Also Read: How to fully anonymize Linux system with TOR using Nipe

Installation of TOR in Kali Linux

Tor is very easy to install in Kali Linux, you just need to type the following command to install:

Command: apt-get install tor

In case, if it shows some kind of error regarding “Unable to locate package” then do run “sudo apt-get update” command before installation of TOR and then try the same with above command.

To start the Tor, simply type “tor” in same terminal which takes approx 1-2 minutes to start and don’t close this terminal.

When trying to exploit any website using sqlmap, its always a good idea to be anonymous.

Sqlmap has excellent support for using common proxies or tor.

Ensure that your tor is running the socks5 daemon on port 9050. Then use the socks5 proxy with sqlmap as shown in following command:

Command: sqlmap -u <vulnerable website> –tor –tor-type=SOCKS5

Here, –tor option by default tries to use HTTP Proxy instead of SOCKS5, therefore it is necessary to mention the proxy type which is SOCKS5 in this case along with port number 9050 by adding –tor-port=9050 –check-tor (optional).

To further improve, you can also add fake User-Agent of Google Bot as shown below:

Command: sqlmap -u <Vulnerable Website> –tor –tor-type=SOCKS5 –user-agent=”Googlebot (compatible; Googlebot/2.1; +http://www.google.com/bot.html)”

By executing above command, you are going to look like a Google Bot and your IP would be that of some TOR Exit node.

Furthermore, if you want to use some tools like Nmap, or Metasploit then you need to install one more tool i.e. Proxychains which you can easily install by typing the following command: