Dzòm cái hình thì bít nhá, tớ k bít đâu, tớ cũng chỉ nhìn hình thui 

Key Features
* Easy Mode
o SQL Injection Wizard
o Automated Attack Support (database dump)
+ ORACLE
+ MSSQL
+ MySQL (experimental)
* General
o Fast and Multithreaded
o 4 Different SQL Injection Support
+ Blind SQL Injection
+ Time Based Blind SQL Injection
+ Deep Blind (based on advanced time delays) SQL Injection
+ Error Based SQL Injection
o Can automate most of the new SQL Injection methods those relies on Blind SQL Injection
o RegEx Signature support
o Console and GUI Support
o Load / Save Support
o Token / Nonce / ViewState etc. Support
o Session Sharing Support
o Advanced Configuration Support
o Automated Attack mode, Automatically extract all database schema and data mode

* Update / Exploit Repository Features
o Metasploit alike but exploit repository support
o Allows to save and share SQL Injection exploits
o Supports auto-update
o Custom GUI support for exploits (cookie input, URL input etc.)

* GUI Features
o Load and Save
o Template and Attack File Support (Users can save sessions and share them. Some sections like username, password or cookie in the templates can be show to the user in a GUI)
o Visually view true and false responses as well as full HTML response, including time and stats

* Connection Related
o Proxy Support (Authenticated Proxy Support)
o NTLM, Basic Auth Support, use default credentials of current user/application
o SSL (also invalid certificates) Support
o Custom Header Support

* Injection Points (only one of them or combination)
o Query String
o Post
o HTTP Headers
o Cookies

* Other
o Post Injection data can be stored in a separated file
o XML Output (not stable)
o CSRF protection support

one time session tokens or asp.net viewstate ort similar can be used for separated login sessions, bypassing proxy pages etc.