Re: [sqlmap-users] Best way to create a sqlmap wrapper
From: Miroslav S. <mir...@gm...> - 2011-01-28 21:51:32

Hi Andres.

On Fri, Jan 28, 2011 at 6:55 PM, Andres Riancho <and...@gm...> wrote:
> Miroslav,
>
> On Thu, Jan 27, 2011 at 7:12 PM, Miroslav Stampar
> <mir...@gm...> wrote:
>> Hi.
>>
>> I would suggest you to research "lib\core\testing.py" (liveTest()
>> together with auxiliary methods). It was not updated for quite long
>> time, but it should be useful for starters. It's meant for our
>> internal testing (smoke testing for dummy checking via module loading
>> and live testing against our VMs).
>
> Cool, I'll take a look at that. Something else I'm thinking about
> is that sqlmap uses urllib2 to send HTTP requests, while w3af uses a
> urllib2 wrapper, and when a w3af user sets proxy settings and stuff he
> expects that to be applied "system-wide", affecting sqlmap. Is there

The switch --ignore-proxy can be used to ignore the "system-wide" proxy
setting, while the default behavior is to use the "system-wide" proxy, so
sqlmap is quite smart in this field.

> any easy way to modify sqlmap to use our
> HTTP_request_sender_object.GET() ?

Well, no easy way out of the box. We haven't "meant" this kind of thing :)

As it would require us to make a "dirty hack" on our side, I would
suggest you guys play around a bit, and if you have some suggestions
from your side (avoiding the word "dirty" on our side), feel free to tell.

KR

>
> Regards,
>
>> KR
>>
>> On Thu, Jan 27, 2011 at 11:04 PM, Andres Riancho
>> <and...@gm...> wrote:
>>> Guys,
>>>
>>> What's the best way to create a sqlmap wrapper?
>>>
>>> In the w3af project we have a very old version of sqlmap
>>> integrated as an attack plugin [0]. Right now we're doing something
>>> like: "import sqlmap ; sqlmap.do_something()". Since the sqlmap
>>> version we include is very old, I would like to update it to the
>>> latest trunk version. My objective is to build something that's
>>> extensible and will allow me to update w3af's sqlmap frequently
>>> without any (if possible) effort. In order to do that, I need to write
>>> a decent wrapper that will not depend on the changes in sqlmap's
>>> implementation.
>>>
>>> Ideas?
>>>
>>> Regards,
>>>
>>> [0] (which is called sqlmap, we don't try to fool nobody or steal your efforts)
>>> --
>>> Andrés Riancho
>>> Director of Web Security at Rapid7 LLC
>>> Founder at Bonsai Information Security
>>> Project Leader at w3af
>>>
>>
>> --
>> Miroslav Stampar
>>
>> E-mail / Jabber: miroslav.stampar (at) gmail.com
>> Mobile: +385921010204 (HR 0921010204)
>> PGP Key ID: 0xB5397B1B
>> Location: Zagreb, Croatia
>>
>
> --
> Andrés Riancho
> Director of Web Security at Rapid7 LLC
> Founder at Bonsai Information Security
> Project Leader at w3af
>

--
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B
Location: Zagreb, Croatia
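
An added example, not part of the thread and not code from sqlmap or w3af: one way to keep a wrapper independent of sqlmap's internals is to treat its command line as the interface and translate the host tool's proxy settings into the `--ignore-proxy` behaviour described above. `HostHttpSettings`, `SQLMAP_SCRIPT` and the function names are hypothetical; `-u`, `--batch` and `--proxy` are sqlmap's own options.

```python
import sys
from urllib.parse import urlsplit

# Assumption: a sqlmap checkout sits next to the host tool; adjust as needed.
SQLMAP_SCRIPT = "sqlmap/sqlmap.py"


class HostHttpSettings:
    """Hypothetical stand-in for the host tool's HTTP configuration."""

    def __init__(self, proxy=None, use_system_proxy=True):
        self.proxy = proxy                      # explicit proxy URL or None
        self.use_system_proxy = use_system_proxy


def _checked_url(value, what):
    # Reject anything that is not an absolute http(s) URL. This also stops a
    # value beginning with "-" from being parsed by sqlmap as an option.
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("%s must be an absolute http(s) URL: %r" % (what, value))
    return value


def proxy_args(settings):
    """Translate the host's proxy choice into sqlmap switches."""
    if settings.proxy:
        return ["--proxy=" + _checked_url(settings.proxy, "proxy")]
    if not settings.use_system_proxy:
        # The user asked for direct connections: override sqlmap's default
        # of picking up the system-wide proxy.
        return ["--ignore-proxy"]
    return []  # default: sqlmap uses the system-wide proxy on its own


def build_argv(target_url, settings):
    """Return an argv list for subprocess.run(argv); never a shell string."""
    argv = [sys.executable, SQLMAP_SCRIPT,
            "-u", _checked_url(target_url, "target"),
            "--batch"]  # non-interactive: take default answers to prompts
    return argv + proxy_args(settings)


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    demo = HostHttpSettings(proxy="http://127.0.0.1:8080")
    print(build_argv("http://target.example/item.php?id=1", demo))
```

Because the result is a list passed without a shell, characters in the target URL are never interpreted by a shell, and the wrapper depends only on documented switches rather than on sqlmap's module layout.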