Re: [sqlmap-users] Rate of attack with top level --level and --risk
From: Chris O. <chr...@gm...> - 2011-01-12 12:01:04
Thanks for that Bernardo. I understand that it's dynamic, but would it be in the realms of possibility for (over the Internet to a responsive machine) > 200,000 requests to be made by sqlmap over an 8 hour period? This would be testing multiple POST and cookie values and lots of blind testing.

This apparently happened to a server recently, but I didn't run sqlmap through a proxy. I'm trying to narrow down which tool was responsible so that I can slow things down in the future.

Chris.

On 12 January 2011 11:45, Bernardo Damele A. G. <ber...@gm...> wrote:
> Chris,
>
> It varies a lot. It depends whether or not the target URL is over the
> Internet, the machine is responsive, there's no lag, etc.
> It also depends on the parameter vulnerabilities. Say it's a simple
> injection, sqlmap will spot it easily and quickly with a very small
> number of requests. The number of requests the new detection engine
> does is dynamic; it varies according to the results it gets from the
> request/responses/delays received up until a certain moment.
>
> I recommend you run it once with default level and risk values and
> -v 3 and once with level and risk increased to maximum to get an idea.
>
> Bernardo
>
> On 12 January 2011 11:40, Chris Oakley <chr...@gm...> wrote:
> > Hi there
> >
> > With --level=5 and --risk=3 enabled, what kind of traffic does sqlmap
> > send, say, per hour? I meant to look at this through a proxy but if
> > anyone has a rough figure without me setting that up it'd be
> > appreciated.
> >
> > Chris
>
> --
> Bernardo Damele A. G.
>
> E-mail / Jabber: bernardo.damele (at) gmail.com
> Mobile: +447788962949 (UK 07788962949)
> PGP Key ID: 0x05F5A30F
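Added example, not part of the original thread: when no proxy capture exists, the target's own access log can show which tool produced the volume. This sketch groups combined-format log lines by client IP and User-Agent family and reports total requests, busiest hour and mean rate, for comparison with the thread's figure (200,000 requests in 8 hours is about 6.9 requests per second). The log lines and addresses are constructed, and it assumes the tool's User-Agent was left unchanged (sqlmap's default starts with `sqlmap/`).

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" access log format.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

def tool_of(user_agent):
    """Collapse a User-Agent to a family, e.g. 'sqlmap/0.9 (...)' -> 'sqlmap'."""
    first = user_agent.split()[0] if user_agent.strip() else "-"
    return first.split("/")[0].lower()

def attribute(lines):
    """Return {(ip, tool): {'total', 'peak_hour', 'req_per_sec'}}."""
    per_hour = defaultdict(Counter)
    first_last = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ignore lines that are not in combined format
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], tool_of(m["ua"]))
        per_hour[key][ts.replace(minute=0, second=0)] += 1
        lo, hi = first_last.get(key, (ts, ts))
        first_last[key] = (min(lo, ts), max(hi, ts))
    out = {}
    for key, hours in per_hour.items():
        lo, hi = first_last[key]
        total = sum(hours.values())
        span = max((hi - lo).total_seconds(), 1.0)  # avoid divide-by-zero
        out[key] = {"total": total, "peak_hour": max(hours.values()),
                    "req_per_sec": round(total / span, 2)}
    return out

# Constructed sample lines (documentation IP ranges, made-up requests).
_SQLMAP = '"POST /login.php HTTP/1.1" 200 512 "-" "sqlmap/0.9 (http://sqlmap.sourceforge.net)"'
SAMPLE = [
    '203.0.113.5 - - [12/Jan/2011:02:59:58 +0000] ' + _SQLMAP,
    '203.0.113.5 - - [12/Jan/2011:02:59:59 +0000] ' + _SQLMAP,
    '203.0.113.5 - - [12/Jan/2011:03:00:00 +0000] ' + _SQLMAP,
    '203.0.113.5 - - [12/Jan/2011:03:00:02 +0000] ' + _SQLMAP,
    '198.51.100.7 - - [12/Jan/2011:03:00:01 +0000] "GET / HTTP/1.1" 200 90 "-" "Mozilla/5.0 (X11; Linux)"',
    'this line is not a log entry',
]

if __name__ == "__main__":
    for key, stats in attribute(SAMPLE).items():
        print(key, stats)
```
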