Re: [sqlmap-users] proxy/non-proxy behavior is different
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] proxy/non-proxy behavior is different
|
From: <li...@li...> - 2009-04-16 15:33:53
|
All I care about is getting the sqlmap to funnel all requests through a proxy that I control to log the results (ie. burp). I was noting a difference between how sqlmap works in proxy vs non-proxy mode to the point where obtained session tokens will not work. I am inquiring if there is a way to make sqlmap work differently, regardless of protocol. Session credentials are obtained using firefox to burp suite. Running sqlmap through burp using the same obtained session token does not work because sqlmap uses different requests than the obtained token. On Thu, Apr 16, 2009 at 04:00:40PM +0100, Pragmatk wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > li...@li... wrote: > > I'm currently conducting a pen-test where I am successfully able to > > enumerate data from a database using sqlmap (blind sql injection). > Since you're pentesting web applications, and because you decided to > read --help before posting, So surely you know how a HTTP proxy works. > > > My session cookies will working when not using the proxy in sqlmap. > > Using the proxy setting will not work (proxy through burp suite). > > When not using the proxy, sqlmap will use a GET request without the > > host:port information and just use the /url. > Based on the facts that you > 1) Have read --help > and 2) Are pentesting web applications > and 3) (Based one (2)) Know how a HTTP proxy works > > I conclude that you're inquiring about the possibility of having sqlmap > go take a shit on the HTTP proxy protocol and break its built-in proxy > support. What I fail to understand is what you're looking to gain by > doing so. > > - -- > Joe / "Pragmatk" > [ 6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837 ] > [ gpg --recv-keys --keyserver pgp.mit.edu 0x323C7837 ] |
