Havij is automatic SQL injection tool developed by ITSecTeam. Havij is available in both free and paid version. Paid versions have some extra advantages over free version but for this tutorial we will use free one. First of all download Havij from http://ITSecTeam.com and install it. Copy and paste URL of website which you want scan for SQL injection vulnerability and press analyze.
Havij will now analyze site for SQL injection vulnerability if site is not vulnerable then Havij will display it in log section in red color, if it is vulnerable then it’ll show injection method name. After scanning if you find the victim is vulnerable then press GET DBS and it’ll list of database used by victim.
After getting database click on Get Tables and Get Columns. You can also save the retrieved database on your own system. Those who have experience handling database using SQL can also add and edit data using CDM or Query option.