Re: [sqlmap-users] Best way to create a sqlmap wrapper
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Best way to create a sqlmap wrapper
|
From: Miroslav S. <mir...@gm...> - 2011-01-28 21:55:49
|
you can also make a dirty hack on your side. hint: >>> import sys >>> import urllib2 >>> sys.modules['urllib2'] <module 'urllib2' from '...'> >>> import os >>> sys.modules['urllib2'] = os >>> import urllib2 >>> dir(urllib2) ['F_OK', 'O_APPEND', 'O_BINARY', 'O_CREAT', 'O_EXCL', 'O_NOINHERIT', 'O_RANDOM', 'O_RDONLY', 'O_RDWR', 'O_SEQUENTIAL', 'O_SHORT_LIVED', 'O_TEMPORARY', 'O_TEXT', 'O_TRUNC', 'O_WRONLY', 'P_DETACH', 'P_NOWAIT', 'P_NOWAITO', 'P_OVERLAY', 'P_WAI ... kr On Fri, Jan 28, 2011 at 10:51 PM, Miroslav Stampar <mir...@gm...> wrote: > hi Andreas. > > On Fri, Jan 28, 2011 at 6:55 PM, Andres Riancho > <and...@gm...> wrote: >> Miroslav, >> >> On Thu, Jan 27, 2011 at 7:12 PM, Miroslav Stampar >> <mir...@gm...> wrote: >>> Hi. >>> >>> I would suggest you to research "lib\core\testing.py" (liveTest() >>> together with auxiliary methods). It was not updated for quite long >>> time, but it should be useful for starters. It's meant for our >>> internal testing (smoke testing for dummy checking via module loading >>> and live testing against our VMs). >> >> Cool, I'll take a look at that. Something else I'm thinking about >> is that sqlmap uses urllib2 to send HTTP requests, while w3af uses a >> urllib2 wrapper, and when a w3af user sets proxy settings and stuff he >> expects that to be applied "system-wide", affecting sqlmap. Is there > > switch --ignore-proxy can be used to ignore "system-wide" proxy > setting, while the default behavior is to use "system-wide" proxy, so > sqlmap is quite smart in this field. > >> any easy way to modify sqlmap to use our >> HTTP_request_sender_object.GET() ? > well, no easy way out of box. we haven't "meant" this kind of things :) > > as it would require us to make a "dirty hack" on our side, i would > suggest you guys to play around a bit and if you have some suggestions > from your side (avoiding word "dirty" on our side) feel free to tell. > > kr >> >> Regards, >> >>> KR >>> >>> On Thu, Jan 27, 2011 at 11:04 PM, Andres Riancho >>> <and...@gm...> wrote: >>>> Guys, >>>> >>>> What's the best way to create a sqlmap wrapper? >>>> >>>> In the w3af project we have a very old version of sqlmap >>>> integrated as an attack plugin [0]. Right now we're doing something >>>> like: "import sqlmap ; sqlmap.do_something()". Since the sqlmap >>>> version we include is very old, I would like to update it to the >>>> latest trunk version. My objective is to build something that's >>>> extensible and will allow me to update w3af's sqlmap frequently >>>> without any (if possible) effort. In order to do that, I need to write >>>> a decent wrapper that will not depend on the changes in sqlmap's >>>> implementation. >>>> >>>> Ideas? >>>> >>>> Regards, >>>> >>>> [0] (which is called sqlmap, we don't try to fool nobody or steal your efforts) >>>> -- >>>> Andrés Riancho >>>> Director of Web Security at Rapid7 LLC >>>> Founder at Bonsai Information Security >>>> Project Leader at w3af >>>> >>>> ------------------------------------------------------------------------------ >>>> Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! >>>> Finally, a world-class log management solution at an even better price-free! >>>> Download using promo code Free_Logger_4_Dev2Dev. Offer expires >>>> February 28th, so secure your free ArcSight Logger TODAY! >>>> http://p.sf.net/sfu/arcsight-sfd2d >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> >>> E-mail / Jabber: miroslav.stampar (at) gmail.com >>> Mobile: +385921010204 (HR 0921010204) >>> PGP Key ID: 0xB5397B1B >>> Location: Zagreb, Croatia >>> >> >> >> >> -- >> Andrés Riancho >> Director of Web Security at Rapid7 LLC >> Founder at Bonsai Information Security >> Project Leader at w3af >> > > > > -- > Miroslav Stampar > > E-mail / Jabber: miroslav.stampar (at) gmail.com > Mobile: +385921010204 (HR 0921010204) > PGP Key ID: 0xB5397B1B > Location: Zagreb, Croatia > -- Miroslav Stampar E-mail / Jabber: miroslav.stampar (at) gmail.com Mobile: +385921010204 (HR 0921010204) PGP Key ID: 0xB5397B1B Location: Zagreb, Croatia |
