[sqlmap-users] my stand on sqlmap
From: Joe \Pragmatk\ <pra...@gm...> - 2010-06-01 09:46:28
This is a quick email to the sqlmap hard core

Although I have used sqlmap for no more than three holes - three holes it failed to exploit - I have been following the project for some time. A friend of mine recently encouraged me to give it another chance, so I have some questions:

- Does sqlmap support exporting to some sort of binary-safe export format (sqlite, csv, .sql format, heck - even urlencoded or c-string-escaped)? I found the text-only output options greatly disappointing :-(

- http://sqlmap.sourceforge.net/features.html states that:

"Each dynamic parameter is tested for numeric, single quoted string, double quoted string and all of these three data-types with zero to two parenthesis to correctly detect which is the SELECT statement syntax to perform further injections with"

--- Is there an easy way to extend this sparse selection of test cases, or will I have to set up my own patch repo for modifications?

"Option to specify the maximum number of concurrent HTTP requests to speed up the inferential blind SQL injection algorithms (multi-threading)."

--- multi-threading is - of course - very nice, but does sqlmap support "persistent" http connections (reuse of existing tcp-connections using the Keep-Alive HTTP-header)? I implemented this for my own tool and the speed gain was enormous. Last time I asked about this, both the developers and I were unable to find a Python module that supported this relatively simple feature.

"Automatic support to save the session (queries and their output, even if partially retrieved) in real time while fetching the data on a text file and resume the injection from this file in a second time."

--- Has the off-by-one when resuming blind queries been fixed?

I think the post-exploitation stuff that you have implemented, especially the tie-in with msf, is really cool. Respect!

joe