Re: [sqlmap-users] Missing SQLMap Feature
From: Bernardo D. A. G. <ber...@gm...> - 2009-08-19 07:43:28
Hi Walter,

On Mon, Aug 17, 2009 at 18:34, Walter Stanish <wal...@sa...> wrote:
> ...
> - no automatic extraction of forms / ajax URLs (could detect common
> javascript framework ajax requests/URLs from linked .js sourcefiles)

sqlmap has no crawling/spidering functionality and I have no plans to implement such. However, you can surf the site via WebScarab or Burp logging all requests in a log file then pass it to sqlmap with -l command line option.

> … There should be an option to ‘force testing of all parameters’ or
> ‘force testing of specific parameters’. (I had to hack the source to make
> checkDynParam ‘return True’ to fix this.)

Read the manual, also -h is enough for the list of options! The option is -p. It skips the dynamicity test.

> - you could also add ‘Accept-lang:’ as a field to test, as some
> multilingual sites will be parsing this

I will refactor the detection phase in the mid term and perhaps include this too.

Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F