
Research on SQL Injection Vulnerabilities Detection Technology Based on Proxy Mode

WEI Cun-tang, ZHAO Jing-ling, CUI Bao-jiang

  • Online: 2014-11-15
  • About author: School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876

Abstract: SQL injection is one of the most common vulnerabilities in Web sites, and one of the most destructive in business operations. SQL injection vulnerability detection can be divided into manual analysis and automated analysis. Although many automated tools can help detect SQL injection vulnerabilities quickly, their capability is very limited. At present, the biggest problem is how to ensure the comprehensiveness of the test data. Restricted by crawler technology, automated tools have relatively high rates of false positives and false negatives. Manual analysis can ensure the accuracy of vulnerability detection, but the testing process consumes a lot of time and is inefficient. To address this, this paper presents a proxy-mode-based SQL injection vulnerability detection method that takes full advantage of existing vulnerability detection tools and achieves high efficiency and accuracy. We also used this method to detect and analyze XSS vulnerabilities in Web applications, and achieved very good results.