others-how to compile and install libinjection on linux server?
1. Purpose
In this post, I will introduce how to compile and install libinjection on linux server.
2. Solution
1) What is libinjection?
Libinjection is a library used as SQL / SQLI tokenizer parser analyzer , it can be used to analyze web requests to avoid sql injection or xss injection.
2) How to make or compile libinjection?
First , you should clone the library to local directories:
git clone https://github.com/client9/libinjection
You should get a directory as follows:
-rw-r--r-- 1 501 games 18 6月 27 14:11 CHANGELOG
-rw-r--r-- 1 501 games 12791 6月 27 14:11 CHANGELOG.md
-rwxr-xr-x 1 501 games 756 6月 17 14:07 configure-clang-asan.sh
-rwxr-xr-x 1 501 games 737 6月 17 14:07 configure-clang.sh
-rwxr-xr-x 1 501 games 709 6月 17 14:07 configure-gcc-hardened.sh
-rwxr-xr-x 1 501 games 144 6月 17 14:07 configure-gcov.sh
-rwxr-xr-x 1 501 games 85 6月 17 14:07 configure-gprof.sh
-rw-r--r-- 1 501 games 1575 6月 17 14:07 COPYING
drwxr-xr-x 2 501 games 4096 6月 27 14:13 data
drwxr-xr-x 2 501 games 37 6月 27 14:13 go
-rwxr-xr-x 1 501 games 13997 6月 17 14:07 install-sh
drwxr-xr-x 2 501 games 178 6月 27 14:13 lua
-rwxr-xr-x 1 501 games 1697 6月 17 14:07 make-ci.sh
-rw-r--r-- 1 501 games 581 6月 27 14:05 Makefile
drwxr-xr-x 3 501 games 4096 6月 27 14:13 misc
drwxr-xr-x 2 501 games 141 6月 27 14:13 php
drwxr-xr-x 3 501 games 157 6月 27 14:13 python
-rw-r--r-- 1 501 games 3329 6月 27 14:05 README.md
-rw-r--r-- 1 501 games 610 6月 27 14:11 RELEASE-HOWTO.md
-rwxr-xr-x 1 501 games 208 6月 17 14:07 run-clang-asan.sh
-rwxr-xr-x 1 501 games 562 6月 17 14:07 run-gcov-samples.sh
-rwxr-xr-x 1 501 games 570 6月 17 14:07 run-gcov-unittests.sh
drwxr-xr-x 2 501 games 4096 6月 27 14:11 src
-rwxr-xr-x 1 501 games 260 6月 27 14:11 tags.sh
-rwxr-xr-x 1 501 games 257 6月 17 14:07 test-gprof.sh
drwxr-xr-x 2 501 games 20480 6月 27 14:13 tests
Then, compile libinjection:
[root@bswen-k8s-app1 libinjection]# cd src
[root@bswen-k8s-app1 src]# make
./make_parens.py < fingerprints.txt > fingerprints2.txt
mv fingerprints2.txt fingerprints.txt
./sqlparse_map.py > sqlparse_data.json
./sqlparse2c.py < sqlparse_data.json > libinjection_sqli_data.h
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_sqli.o libinjection_sqli.c
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_html5.o libinjection_html5.c
cc -Wall -Wextra -Werror -pedantic -ansi -g -O3 -fPIC -c -o libinjection_xss.o libinjection_xss.c
cc libinjection_sqli.o libinjection_html5.o libinjection_xss.o -shared -lc -o libinjection.so
rm -f libinjection.a
ar -r libinjection.a libinjection_sqli.o libinjection_html5.o libinjection_xss.o
ar: Creating libinjection.a
[root@bswen-k8s-app1 src]#
At last, we can test libinjection as follows:
[root@bswen-k8s-app1 src]# gcc -Wall -Wextra example1.c libinjection_sqli.c
[root@bswen-k8s-app1 src]# ll
-rw-r--r-- 1 501 games 227 6月 17 14:07 alpine.supp
-rwxr-xr-x 1 root root 257416 6月 27 14:15 a.out
-rwxr-xr-x 1 501 games 559 6月 17 14:07 clang.sh
-rw-r--r-- 1 501 games 557 6月 17 14:07 example1.c
-rwxr-xr-x 1 501 games 1338 6月 17 14:07 fingerprints2sqli.py
-rw-r--r-- 1 root root 49668 6月 27 14:14 fingerprints.txt
-rw-r--r-- 1 501 games 2276 6月 17 14:07 fptool.c
-rw-r--r-- 1 501 games 4194 6月 17 14:07 html5_cli.c
-rw-r--r-- 1 root root 762344 6月 27 14:14 libinjection.a
-rw-r--r-- 1 501 games 1633 6月 17 14:07 libinjection.h
-rw-r--r-- 1 501 games 21694 6月 27 14:11 libinjection_html5.c
-rw-r--r-- 1 501 games 4656 6月 17 14:08 libinjection_html5.gcda
-rw-r--r-- 1 501 games 913 6月 17 14:07 libinjection_html5.h
-rw-r--r-- 1 root root 58600 6月 27 14:14 libinjection_html5.o
-rwxr-xr-x 1 root root 602016 6月 27 14:14 libinjection.so
-rw-r--r-- 1 501 games 72134 6月 27 14:11 libinjection_sqli.c
-rw-r--r-- 1 501 games 206900 6月 27 14:14 libinjection_sqli_data.h
-rw-r--r-- 1 501 games 13464 6月 17 14:08 libinjection_sqli.gcda
-rw-r--r-- 1 501 games 7145 6月 27 14:11 libinjection_sqli.h
-rw-r--r-- 1 root root 674176 6月 27 14:14 libinjection_sqli.o
-rw-r--r-- 1 501 games 14531 6月 27 14:11 libinjection_xss.c
-rw-r--r-- 1 501 games 2908 6月 17 14:08 libinjection_xss.gcda
-rw-r--r-- 1 501 games 267 6月 17 14:07 libinjection_xss.h
-rw-r--r-- 1 root root 28672 6月 27 14:14 libinjection_xss.o
-rw-r--r-- 1 501 games 4557 6月 27 14:11 Makefile
-rwxr-xr-x 1 501 games 11598 6月 17 14:07 make_parens.py
-rw-r--r-- 1 501 games 8273 6月 17 14:07 reader.c
-rw-r--r-- 1 501 games 2092 6月 17 14:08 reader.gcda
-rw-r--r-- 1 501 games 4003 6月 27 14:11 sqli_cli.c
-rwxr-xr-x 1 501 games 3800 6月 17 14:07 sqlparse2c.py
-rw-r--r-- 1 501 games 182535 6月 27 14:14 sqlparse_data.json
-rwxr-xr-x 1 501 games 48384 6月 27 14:11 sqlparse_map.py
-rwxr-xr-x 1 501 games 273 6月 17 14:07 test-cppcheck.sh
-rw-r--r-- 1 501 games 8250 6月 17 14:07 testdriver.c
-rw-r--r-- 1 501 games 2144 6月 17 14:08 testdriver.gcda
-rwxr-xr-x 1 501 games 189 6月 17 14:07 test-driver.sh
-rwxr-xr-x 1 501 games 87 6月 17 14:07 test-samples-sqli-negative.sh
-rwxr-xr-x 1 501 games 93 6月 17 14:07 test-samples-sqli-positive.sh
-rwxr-xr-x 1 501 games 89 6月 17 14:07 test-samples-xss-positive.sh
-rw-r--r-- 1 501 games 1498 6月 17 14:07 test_speed_sqli.c
-rwxr-xr-x 1 501 games 45 6月 17 14:07 test-speed-sqli.sh
-rw-r--r-- 1 501 games 2123 6月 17 14:07 test_speed_xss.c
-rwxr-xr-x 1 501 games 44 6月 17 14:07 test-speed-xss.sh
-rwxr-xr-x 1 501 games 97 6月 17 14:07 test-unit.sh
[root@bswen-k8s-app1 src]# ./a.out "-1' and 1 = 1"
sqli with fingerprint of 's&1'
[root@bswen-k8s-app1 src]#
You can see that the sql injection test is successful.
3. Summary
In this post, I demonstrated how to make ,compile and install libinjection library on linux server. That’s it, thanks for your reading.