Re: [sqlmap-users] New feature
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] New feature
|
From: Miroslav S. <mir...@gm...> - 2010-10-12 19:52:57
|
hi Carlos. i've understood the problem and i will try to make something out (no need for you to code it). kind regards. On Tue, Oct 12, 2010 at 8:02 PM, Carlos Gabriel Vergara <car...@gm...> wrote: > Hi! I was using sqlmap for a year or two, and in a lot of scenarios i > found the need of "touch" the urls that the tool crafts to send to the > server. > Most of the times this happens because all scenarios are some sort of > unique, even if they share the same DMBS. > In this cases i spend a lot of time programming pseudo proxys (quick > and dirty coding in python) to solve the obstacle. > I have some free time now, and want to make a module for sqlmap that > "tampers" the data to be send, let me introduce some logic to modify > it, and then send it to the server. > For example: i need to replace blanks with /**/ for a mssql server. I > will be using sqlmap like this: > > sqlmap -u "http://host/script.py?id=15" -p id > --tamper-script="/home/kaleb/script.py" > > In script.py, some sort of code that picks the GET/POST about to be > sent to the server, search for the blanks in the query, replace them > with /**/, and then give it back to sqlmap to be sended. > > Another example (mentioned in a previous thread): i need to replace > IFNULL(A,B) sentence with IF(ISNULL(A), B, A). It needed a lot of > string manipulation, made in a mini proxy, losting performance in the > middle. > > The question: which part of sqlmap code i need to start reviewing? > Thus i used it a lot, never looked into the code. In need a little > tip, just to start with something in mind. > > Thanks a lot. > > PD: excuse my rusty english, by the way =) > > -- > --------8<-------- > Carlos Gabriel Vergara > http://www.ThorSecurity.com.ar > > PGP: http://www.ThorSecurity.com.ar/gabrielvergara.pgp > -------->8-------- > > ------------------------------------------------------------------------------ > Beautiful is writing same markup. Internet Explorer 9 supports > standards for HTML5, CSS3, SVG 1.1, ECMAScript5, and DOM L2 & L3. > Spend less time writing and rewriting code and more time creating great > experiences on the web. Be a part of the beta today. > http://p.sf.net/sfu/beautyoftheweb > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
