Skip to content
/ lambda-proxy Public

Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure , it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions …

www.puresec.io

License

Apache-2.0 license
36 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

puresec/lambda-proxy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
main.py
main.py
 
 
request.txt
request.txt
 
 
requirements.txt
requirements.txt
 
 

Repository files navigation

More details in the following blog post: https://www.puresec.io/blog/automated-sql-injection-testing-of-serverless-functions-on-a-shoestring-budget-and-some-good-music

A simple utility to help test AWS Lambda functions for SQL Injection vulnerabilities, using a local HTTP proxy, which transforms the SQLMap HTTP-based attacks to AWS Lambda invoke calls.

Run lambda-proxy

$ python3 main.py

Update request.txt, which is the file containing your Lambda function's event data, and run

$ sqlmap -r request.txt

About

Lambda-Proxy creates an HTTP proxy listening on localhost port 8082. When it receives an HTTP POST request with a very specific structure , it will parse the request, extract the relevant data required for the test, and will invoke your AWS Lambda function using the AWS SDK client.invoke() method. It was created for testing AWS Lambda functions …

www.puresec.io

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

36 stars

Watchers

5 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 2

  •  
  •  

Languages