Re: [sqlmap-users] proxy/non-proxy behavior is different

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

li...@li... wrote:
> I was noting a difference between how sqlmap works in proxy
> vs non-proxy mode to the point where obtained session tokens
> will not work.  I am inquiring if there is a way to make
> sqlmap work differently, regardless of protocol.
The proxy feature works perfectly well. It is your proxy - or rather:
your use of it - that is incorrect. That being said, I'm guessing Burp
probably has some sort of feature capable of rewrite requests. If not, I
suggest you write one.

> Session credentials are obtained using firefox to burp suite.
> Running sqlmap through burp using the same obtained session
> token does not work because sqlmap uses different requests
> than the obtained token.
Err, I lost you there. I thought your issue was sqlmap's
http://host:port/requesturi-requests that screwed your sessions? How are
the session tokens passed? Are you supplying them correctly to sqlmap?

- --
Joe / "Pragmatk"
[ 6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837  ]
[ gpg --recv-keys --keyserver pgp.mit.edu 0x323C7837 ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJJ514uAAoJEBoJnpcyPHg3VBkQAIUozYFopzfuP3qV/3m22Yn9
ssN5TCmbh+b8dwJ9LCJq7vqMnnoXCiLbCnFlCi1eFWUX8kMnAmNZzvxWpx3KAObR
ZY174HIgKDniaS5/qaGCChcBF+sGN7OoaVJgldn5J9ff0b3MXWxRYjp/RkZSzrrV
3KrQ2Iz40+vzeWXaYWDLbtTyqfXvqM03q5uE56kU1Ii/dWHrPfXCA7knwjNT05Pv
ECAWl0aK+ugjDM8nrTQI//Jl9t1FJe681DCt0eNi7lND3UKTpaEvh+wULwC62D6Z
Loujan50w2PEG9G2KZ/ml2BfkIebWYx9bu4yWdMEvNfmIyjI09R1Uda8NiEpdJDv
mptLDt0H0xXmvznjVZv0Q79kD92VjX8Tnu2vKdUGLfdfllzPRGqDh6t0wyHyFOTQ
Bkx03uqK7YaDf0rpyvb/BFeED5klak2X7+KpO2kz2Ab4/7eapq0W0Uzjr9uyNbwg
H74VW1nmtBmhjP+pL8YCjpspFufYskLd4ltYsrZSDpOEyBJss+iZDDYfV7OkjSx+
cQHOnyt7UDv9bQ2CMu6bBGPVL9d9kuR3coBvkiTo0HbEtUWqQYKpMHyqdKW1dm19
vIy+zk8PAEtx+fUaaGuyf91SSL9VRFO8TmYuALAqafoXAtTOO6MQExOmHNjFQisb
dtNiRPFFzQ1cFI3nkLbO
=6gl7
-----END PGP SIGNATURE-----