Re: [sqlmap-users] proxy/non-proxy behavior is different
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] proxy/non-proxy behavior is different
|
From: Pragmatk <pra...@gm...> - 2009-04-16 16:27:01
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 li...@li... wrote: > Well, I can see this thread is going nowhere and wreaks of sarcasm > rather than a discussion of a differences found using sqlmap in > proxy mode. While my first message was indeed sarcastic, the one previous to this one was 100% serious. The problem with using a "proxy" like Burp is that the GET http://endhost:endport/enduri HTTP/1.1 is required in order for the HTTP Proxy to work. In most cases you would use the (in my opinion) superior SOCKS protocol which allows raw traffic to be passed on in a much nicer way. Had sqlmap been using Burp as a SOCKS proxy, you would not have had your issue. I do not, however, see the problem in establishing the initial session in FF / Burp and modifying the requests to match those of sqlmap? > The session tokens work fine not using sqlmap in proxy mode. Hmm, that could indicate that you'll have to send proper GETs. Consider using another logging tool than Burp or patching sqlmap's urllib-objects to use a SOCKS proxy when establishing connections. - -- Joe / "Pragmatk" [ 6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837 ] [ gpg --recv-keys --keyserver pgp.mit.edu 0x323C7837 ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iQIcBAEBAgAGBQJJ52OLAAoJEBoJnpcyPHg3i5gP/1y4w+sem6AnhS3yWp3aQfZG hKTEoX2lx7XJrW5deqrpuXUnRW8VmCeOqIByLfTZ49SA34AyYOvK/uchwM3c5ycc 4Xjje2iavvrxyobQvUrn4vh6VBCxDW/FcQYAXWRzrA1qbOi9ih/uh9ZKdzUQLplQ 4qLx5m/QmaI0aOtLJ4ZIJggQXy6eMtGAAFbPrrjywnD3tqLEmzD5xv+5TN2eVhvY kVG8R5KVFoSgDwXVipOWs1JmZsKCvJf/MAWyt4nwzPvTROMW8CjL+F17Z9IblEK7 BFcEXRrVvIVqKCrZC489IFoQs6MdNT7BwqxByCFOQ6u83Q/pk8rRi0Ber3yH8uVb 6+LE0tw8O1HOIXhusUVtD3165YFCxRr7oZoySaW6RgLP7Gfxd57bmU4ouB3N+KXi aEah3taKsQ09WWm2vHy2G0EyqQQx3SLsfi15FFQQ31TX9TwpQFtx4Sal9o6mDcMY 1iPQGUOaXuyExPi9gKAcEV4SOeyhfgZP7tPFmJ+mgLTDtJ1MowtP/zOwGB9FIXgN 2ivF8diZYmo9vaoewTiAlZ/ZbHGIeNyDkdbKIjU3ddcjYOgxABrmO8V8TEf0MRdt sNvqkiM/qF1wuRMKHqhy1HtXPnH6+Sie+vbqoPAhjKPyWeTbx8g4JXBY0XLkjDha d0cGKb+UgQX/VCc0BrqN =a4ak -----END PGP SIGNATURE----- |
