Re: [sqlmap-users] SQLmap replace space by comments?
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] SQLmap replace space by comments?
|
From: Bernardo D. A. G. <ber...@gm...> - 2010-09-06 14:34:16
|
Hi, Pass sqlmap requests through a HTTP proxy like Burp (www.portswigger.net/suite/) with --proxy http://127.0.0.1:8080 option and use Burp Match&Replace functionality if possible otherwise hack into sqlmap lib/core/request.py code. Cheers, Bernardo On Sat, Sep 4, 2010 at 15:35, Richard Miles <ric...@go...> wrote: > Hi bernardo, > > I'm testing a app and the site is protected by a IPS, so I have to use > comments /**/ to bypass it, I have to use comments instead of spaces. > > So, when I run SQLmap it fails because the IPS drop the connection > > [08:14:49] [INFO] testing unescaped numeric injection on GET parameter 'id' > [08:14:50] [WARNING] unable to connect to the target url or proxy, > sqlmap is going to retry the request > [08:14:51] [WARNING] unable to connect to the target url or proxy, > sqlmap is going to retry the request > [08:14:53] [WARNING] unable to connect to the target url or proxy, > sqlmap is going to retry the request > [08:14:54] [ERROR] unable to connect to the target url or proxy > > [*] shutting down at: 08:14:54 > > There is a simples to way to tell SQLmap to replace all spaces on the > queries with comments? I tried --prefix and --postfix, but it doesn't > appear to be why they are used for. > > If there is no easy way, can you please me what file / line I should > replace on the SQLmap source to replace all spaces with comments? > > Thanks and congratulations for the nice tool. > -- Bernardo Damele A. G. E-mail / Jabber: bernardo.damele (at) gmail.com Mobile: +447788962949 (UK 07788962949) PGP Key ID: 0x05F5A30F |
