Re: [sqlmap-users] --keep-alive
From: Kasper F. <th...@ma...> - 2010-06-19 22:27:01
This is a great feature, thanks for giving a try on it!

I have tested it on two pages. One is pretty fast, other is pretty slow. I have used threads and batch mode.

My results:

It seems to receive invalid responses now and then. SQLmap reports that "the target url responded with an unknown HTTP status code..." and that I should try to set the user agent. Sqlmap goes down. Running the program once again, and the program might get through the same point just fine.

What is worse: it actually sometimes fetches wrong results. I have tried fetching a long line (30 chars) out of a database, seeing that it looked weird I deleted the last line in the session file and tried again - this time some chars were not the same! This is bad! I did this multiple times and some characters were different nearly each time.

Other than that it really speeds up the fetching. I hope this will get to be a default feature once!

/Kasper

On 11-06-2010 10:28, Miroslav Stampar wrote:
> Hi.
>
> Currently as a part of development process we've added support for
> Keep-alive sessions (using "slightly adjusted version" of Keepalive
> module from Michael D. Stenner's urlgrabber project -
> http://linux.duke.edu/urlgrabber/), which by first results gave great
> results (in some cases up to 2.5x times faster scanning, particularly
> in multi threading mode).
>
> Right now that option is hidden behind --keep-alive switch (not
> visible in help menu) and we would like you to test it thoroughly
> before we turn it on as a default part of sqlmap. We just want to be
> sure that everything works as expected (only a bit faster :).
>
> Also, in case that you are doing a session behind a proxy (explicitly
> by --proxy or implicitly by a system set one) keep alive is
> automatically turned off because, as result of Bernardo's research:
> "Use Keep-Alive (persistent HTTP connection) only if a proxy is not
> set - http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html".
>
> So, please checkout sqlmap's latest version from its repository and
> please report any "inconveniences" you find.
>
> Kind regards.