SQLBurp #319

@0x4meliorate

Extension URL

https://github.com/0x4meliorate/SQLBurp

Version number

v1.0.0

Select additional compatible products and features

  • Community
  • DAST
  • Burp AI

Author display name

0x4meliorate

Contact details (optional)

sam@pentester.contact

Discord username (optional)

0x4meliorate

I confirm that the following is true:

Extension overview

SQLBurp is a Burp Suite extension that integrates the sqlmap REST API directly into your penetration testing workflow. Built in Java using the Montoya API, it allows you to submit requests from anywhere in Burp Suite (Proxy, Repeater, Target, and more) and track multiple concurrent SQL injection scans without leaving the tool. All scan data is stored natively in the Burp project file with no external database required, keeping engagements cleanly separated.

Key features

  • sqlmap REST API integration: submit requests directly to a running sqlmapapi instance with a single right-click from anywhere in Burp
  • Concurrent scan tracking: run and monitor multiple scans simultaneously via a sortable scan table with live status updates (Queued, Running, Vulnerable, Finished, etc.)
  • Granular configuration: control detection level, risk, threads, SQLi techniques, tamper scripts, DBMS targeting, and more from a dedicated configuration panel
  • Per-scan option snapshots: settings are captured at submission time, so each scan row records the exact options it was run with
  • Native persistence: all scan data is stored in the Burp project file via persistence().extensionData(), with incremental saving and automatic restore on reload
  • No external database: sqlmapapi can be restarted freely without losing scan history
  • Request deduplication: sending the same request multiple times in a single action only creates one scan

Usage instructions

  1. Download SQLBurp
  2. Start the sqlmap REST API: python sqlmapapi.py -s -H 127.0.0.1 -p 8775
  3. The SQLBurp tab will appear; click Ping to confirm the API is reachable
  4. Right-click any request in Proxy, Repeater, Target, etc. and select Send to SQLMap API
  5. Monitor scan progress in the scan table; click any row to view its live log and configuration snapshot
  6. Use the right-click menu to stop or delete individual scans, or the toolbar to stop all / remove finished scans

Labels

Professional: This extension is compatible with Burp Suite Professional.

Status

Done
