Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/saptajitbanerjee/sql-injection-detection
My team built a Machine Learning model to detect SQL Injections. The dataset was prepared by capturing normal and malicious HTTP requests, extracting essential features for training the model effectively. It enhances web application security by accurately identifying and flagging SQL Injection attacks.
https://github.com/saptajitbanerjee/sql-injection-detection
burpsuite cyber-security python3 sql-injection-attacks sql-injections
Last synced: about 2 months ago
JSON representation
My team built a Machine Learning model to detect SQL Injections. The dataset was prepared by capturing normal and malicious HTTP requests, extracting essential features for training the model effectively. It enhances web application security by accurately identifying and flagging SQL Injection attacks.
- Host: GitHub
- URL: https://github.com/saptajitbanerjee/sql-injection-detection
- Owner: saptajitbanerjee
- Created: 2023-05-12T11:16:23.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-03-05T07:49:01.000Z (10 months ago)
- Last Synced: 2024-03-05T08:52:52.122Z (10 months ago)
- Topics: burpsuite, cyber-security, python3, sql-injection-attacks, sql-injections
- Language: Python
- Homepage:
- Size: 1.58 MB
- Stars: 4
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# SQL-Injection-Detection
Software used:
- Python 3.9.5
- BurpSuite
- Accunetix Web Vulnerability Scanner
Python Libraries installed:
- urllib
- csv
- base64
- xml
We used Accunetix Web Vulnerability Scanner to generate general web crawling requests and malicious SQL injection requests on a target website. These requests as well as their responses to those requests by the target website are sent to specific port from where they are caught by BurpSuite. These captured requests and responses are saved in log files. One separate log file is made for the normal web crawling requests and another log file is made for malicious SQL injection requests.
We then used the log_parser.py code to extract the required features from the log files for our Logistic Regression ML model. The requests and responses are saved in XML file format in the log files for which we use the xml python library to extract the requests and responses. From the extracted requests we extract the required features and put them in a csv file
We use only csv file as the dataset for our Logistic Regression ML model which contains the features of both general web crawling requests and malicious SQL injection requests
Result
We finally create our labeled dataset to train our Supervised Machine Learning model using logistic regression. This dataset is also used to predict the accuracy of our ML model.