Re: [sqlmap-users] Best way to create a sqlmap wrapper
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Best way to create a sqlmap wrapper
|
From: Andres R. <and...@gm...> - 2011-01-28 17:56:02
|
Miroslav,
On Thu, Jan 27, 2011 at 7:12 PM, Miroslav Stampar
<mir...@gm...> wrote:
> Hi.
>
> I would suggest you to research "lib\core\testing.py" (liveTest()
> together with auxiliary methods). It was not updated for quite long
> time, but it should be useful for starters. It's meant for our
> internal testing (smoke testing for dummy checking via module loading
> and live testing against our VMs).
Cool, I'll take a look at that. Something else I'm thinking about
is that sqlmap uses urllib2 to send HTTP requests, while w3af uses a
urllib2 wrapper, and when a w3af user sets proxy settings and stuff he
expects that to be applied "system-wide", affecting sqlmap. Is there
any easy way to modify sqlmap to use our
HTTP_request_sender_object.GET() ?
Regards,
> KR
>
> On Thu, Jan 27, 2011 at 11:04 PM, Andres Riancho
> <and...@gm...> wrote:
>> Guys,
>>
>> What's the best way to create a sqlmap wrapper?
>>
>> In the w3af project we have a very old version of sqlmap
>> integrated as an attack plugin [0]. Right now we're doing something
>> like: "import sqlmap ; sqlmap.do_something()". Since the sqlmap
>> version we include is very old, I would like to update it to the
>> latest trunk version. My objective is to build something that's
>> extensible and will allow me to update w3af's sqlmap frequently
>> without any (if possible) effort. In order to do that, I need to write
>> a decent wrapper that will not depend on the changes in sqlmap's
>> implementation.
>>
>> Ideas?
>>
>> Regards,
>>
>> [0] (which is called sqlmap, we don't try to fool nobody or steal your efforts)
>> --
>> Andrés Riancho
>> Director of Web Security at Rapid7 LLC
>> Founder at Bonsai Information Security
>> Project Leader at w3af
>>
>> ------------------------------------------------------------------------------
>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
>> Finally, a world-class log management solution at an even better price-free!
>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires
>> February 28th, so secure your free ArcSight Logger TODAY!
>> http://p.sf.net/sfu/arcsight-sfd2d
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
>
> E-mail / Jabber: miroslav.stampar (at) gmail.com
> Mobile: +385921010204 (HR 0921010204)
> PGP Key ID: 0xB5397B1B
> Location: Zagreb, Croatia
>
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
|
