[sqlmap-users] [Bug] 1 bug and 2 optimizations
From: Kasper F. <th...@ma...> - 2010-05-11 09:53:24
Hello Sqlmap.

Bug: When using sqlmap with the --threads option, sqlmap first fetches the length of the thing to fetch, and afterwards starts some threads to fetch it. Let's say it found a length 5 output, then it will write:

_ _ _ _ _

Then, when sqlmap finds the first of these, it will write this:

- - - - - (1/5 20%)

But notice that it DID NOT write the letter it found. When the next letter is found it will write:

x _ _ _ _ (2/5 40%)

It seems that it is "one character behind" in displaying it to the user.

Optimization 1: As just mentioned, when using --threads sqlmap first fetches the length of the output. It seems to me that no special fetching method is used for this, just one thread that fetches the number like any other output. But we know it is a number, and therefore we should be able to decrease the binary searching to only search in the range of these numbers. A smart way to implement this might be to first check if the character we are trying to find is larger than or equal to 0, and then check if it is smaller than or equal to 9. This should decrease the range, but still be able to find non-number outputs.

Optimization 2: I have noticed that when having a rather large session file, sqlmap is crunching on this for a very long time - I don't know what it is doing, but my guess is that it is building some data structure over the file. If I have a 4MB session file, sqlmap will use 100% of the CPU for about ½-1 minute. I have no concrete idea to decrease this time, but I feel that it is an awfully long time, especially if a connection is lost, and I have to restart multiple times.

/Kasper
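To make the cost of Optimization 1 concrete, here is an added simulation (not sqlmap's code, and not from the poster) that counts how many yes/no comparisons a plain binary search over 7-bit ASCII needs per character versus the digit-first variant described above. The oracle is a local stand-in that only compares against a constructed value, so the whole thing runs offline; the names `CountingOracle`, `bisect_char`, `find_plain`, `find_digit_first` and `query_cost` are all mine.

```python
class CountingOracle:
    """Answers 'is the unknown value >= v?' and counts how often it was asked.
    Constructed stand-in for a blind inference check; it holds the value itself."""

    def __init__(self, secret_char):
        self.secret = ord(secret_char)
        self.queries = 0

    def ge(self, v):
        self.queries += 1
        return self.secret >= v


def bisect_char(ge, lo, hi):
    """Locate the unknown value within [lo, hi], one ge() call per halving."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if ge(mid):
            lo = mid          # unknown lies in the upper half
        else:
            hi = mid - 1      # unknown lies in the lower half
    return chr(lo)


def find_plain(oracle):
    """Baseline: bisect the full 7-bit ASCII range regardless of content."""
    return bisect_char(oracle.ge, 0, 127)


def find_digit_first(oracle):
    """The post's idea: probe the '0'..'9' bounds first, then bisect the
    narrowed range; anything outside falls back to bisecting what remains."""
    if not oracle.ge(ord("0")):
        return bisect_char(oracle.ge, 0, ord("0") - 1)
    if oracle.ge(ord("9") + 1):
        return bisect_char(oracle.ge, ord("9") + 1, 127)
    return bisect_char(oracle.ge, ord("0"), ord("9"))


def query_cost(finder, secret_char):
    """Return (recovered char, number of oracle queries) for one strategy."""
    oracle = CountingOracle(secret_char)
    found = finder(oracle)
    return found, oracle.queries


if __name__ == "__main__":
    for ch in ("7", "9", "A", " "):
        print(repr(ch), query_cost(find_plain, ch), query_cost(find_digit_first, ch))
```

Running it shows the trade-off: a digit costs 5 or 6 queries instead of the constant 7, while a letter above '9' costs 8 because both bound probes were spent before the fallback search.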