
Research And Design Of An Automatic Scanning Tool For SQL Injection Based On Improved Crawler Technology

Posted on: 2019-07-29
Degree: Master
Type: Thesis
Country: China
Candidate: X Y Jia
GTID: 2348330545958342
Subject: Information security

Abstract/Summary:
With the rapid development of the Internet, people's demand for Web technologies has gradually increased, and the corresponding threats are increasing as well. Attacks on websites have become a hot issue in network security, and SQL injection attacks are an important research topic within it. SQL injection is one of the most serious vulnerabilities and can cause incalculable damage to a website, so the research and analysis of SQL injection detection tools has important practical significance.

Based on research into existing SQL injection detection technology, this paper analyzes the requirements for vulnerability detection tools in detail, and designs and implements a detection tool for SQL injection vulnerabilities. Building on existing tools, the tool improves the crawler module, breaks through the restrictions that sites place on crawlers, and proposes an improved deduplication algorithm to raise the crawler's operating efficiency. It also adds bypassing of WAF rules, constructing more payloads that can bypass the site's WAF, to increase the accuracy of the detection tool. The main work of this paper is as follows:

(1) The basic principle of SQL injection and the injection process are discussed in detail. The concept of a crawler, the relevant strategies, and techniques for URL deduplication are described. The research progress of SQL injection detection technology at home and abroad is introduced.

(2) Based on research into existing crawler technology, the crawler is improved to deal with the limits that websites place on crawlers, such as login restrictions and anti-repeat mechanisms, breaking through those restrictions so that the crawler can operate efficiently.

(3) The URL deduplication algorithm is improved and applied to the web crawler. By analyzing the low efficiency of existing URL deduplication algorithms, an optimized algorithm for URL deduplication is proposed. Based on the original Bloom filter algorithm, the SVCBF deduplication algorithm proposed in this paper compresses the links and uses a variable-length counter to improve the accuracy and efficiency of deduplication.

(4) Identification and bypassing of Web application firewalls are added to the detection module. The tool detects the website's firewall settings and the firewall's rules, and improves the test payloads so that they bypass the firewall's filtering, improving detection accuracy.

(5) An automated SQL injection detection tool based on the improved crawler is designed and implemented. This covers the overall design of the tool, the design of the main functional modules and the implementation of each module, and functional and performance testing of each module, verifying that the tool's modules are realized.
Keywords/Search Tags:SQL injection, URL deduplication, WAF bypass, crawler