Re: [sqlmap-users] sqlmap through proxy
From: David A. <dav...@gm...> - 2011-06-20 08:05:37
Hi,

@buawig Thank you for your help. You understood me!
@Miroslav Thank you very much for the patch

kind regards

From: Miroslav Stampar <miroslav.stampar@...>
Subject: Re: sqlmap through proxy
Newsgroups: gmane.comp.security.sqlmap
Date: 2011-06-19 09:54:19 GMT

hi buawig.

find it "patched" in the latest commit.

kind regards

On Sun, Jun 19, 2011 at 1:33 AM, <buawig@...> wrote:
> Miroslav Stampar wrote:
>> quote from that same paragraph:
>>
>> "
>> 10.5.5 504 Gateway Timeout
>>
>> The server, while acting as a gateway or proxy, did not receive a
>> timely response from the upstream server specified by the URI (e.g.
>> HTTP, FTP, LDAP) or some other auxiliary server (e.g. DNS) it needed
>> to access in attempting to complete the request.
>> "
>>
>> it clearly says that 504 is a general timeout without specific
>> "cause". it says that it can be caused by remote server, DNS,...
>
> Yes I read the paragraph that I linked. ;)
>
>> thing is that we don't know what's causing it (neither that 504 says
>> the source as stated from that paragraph) and we need to treat it as
>> any other timeout. also, i don't see any problems with that approach.
>
> You probably misunderstood me or I was not clear enough.
> The important thing was
> "the response came not from the upstream target specified in -u and
> should not be interpreted as such"
>
> If sqlmap would treat 504 'as any other timeout' then I wouldn't have
> posted the link because that is what I'm expecting - sqlmap should treat
> 504 like timeouts, but it does not seem to treat it as a timeout at all:
>
> test on a _*non*_ existing domain with proxy while the proxy returns 504
> +html page (status page):
>
> [INFO] testing connection to the target url
> [INFO] heuristics detected web page charset 'ascii'
> [WARNING] the web server responded with an HTTP error code which could
> interfere with the results of the tests
> [INFO] testing if the url is stable, wait a few seconds
> [WARNING] url is not stable, sqlmap will base the page comparison on a
> sequence matcher. If no dynamic nor injectable parameters are detected,
> or in case of junk results, refer to user's manual paragraph 'Page
> comparison' and provide a string or regular expression to match on
> how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit]
>
> From this output I guess sqlmap interprets the html page from the proxy
> (504 status page) as if it were the page from the target and starts
> testing. The question is, why does it start testing when it doesn't
> reach the target?
>
> It probably should look like this:
>
> [INFO] testing connection to the target url
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout),
> sqlmap is going to retry the request
> [CRITICAL] unable to connect to the target url (504 - Gateway Timeout),
> sqlmap is going to retry the request
>
> [*] shutting down...
>
> sqlmap should not interpret the html page from the proxy as an html page
> from a target if the proxy returns 504 (the reason does not really matter).
>
> In future everyone will return 504 to avoid sqlmap scans ;)

--
Miroslav Stampar

On Fri, Jun 17, 2011 at 4:11 PM, Miroslav Stampar <mir...@gm...> wrote:
> hi buawig.
>
> well, sure there is a misunderstanding here :)
>
> http://superuser.com/questions/272714/why-still-dns-lookup-when-using-proxy
>
> quote:
> "Even when connecting via a proxy your browser needs to get the IP
> address for the web site domain. Generally it will directly query the
> DNS servers. If you are using a Socks 5 proxy, you can have the DNS
> queries go through your proxy."
>
> there has to be a DNS request when dealing with HTTP proxy.
>
> about DNS leaks with TOR. we are aware of this issue and there is no
> easy way out of it. believe me. I've spent three days searching and
> implementing and there is NO easy way out of it. we can try to search
> and use things like "tor-resolve" but it will work just for a minor
> number of cases (users which prepare environment for it).
>
> also, remember that solution I was doing for web based nslookup. i
> still have the code, but it would be a decision on a user to trust it
> or not.
>
> kr
>
> On Fri, Jun 17, 2011 at 3:41 PM, <bu...@gm...> wrote:
> > Miroslav Stampar wrote:
> >> hi David.
> >>
> >> you won't be able to redirect DNS requests through HTTP(s) proxy for
> >> sure.
> >
> > I think there is a misunderstanding here.
> >
> > If you configure an application to route its HTTP(s) requests through a
> > proxy the application itself should not generate any DNS requests.
> > The application will also not send DNS requests to the proxy.
> >
> > The application - in this case sqlmap - should just ask the proxy to
> > send an HTTP request to example.com, the proxy will take care of DNS
> > resolution.
> >
> > I just tried sqlmap with --proxy and this is in my opinion a bug because
> > sqlmap issues DNS queries even if --proxy is used.
> >
> > This bug can be quite serious for the guys using
> > --tor
> > or
> > --proxy http://localhost:8118
> > because sqlmap will leak DNS queries to the local DNS server.
>
> --
> Miroslav Stampar
>
> E-mail: miroslav.stampar (at) gmail.com
> PGP Key ID: 0xB5397B1B
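The two behaviours argued over in this thread, written out as an added example (not part of the original mails and not sqlmap's own code): an HTTP client that treats a gateway status received through a proxy as "the proxy could not reach the target" and retries instead of handing the proxy's HTML status page to page comparison, and a check of the proxy URL to tell whether the client library, rather than the proxy, would still perform the DNS lookup. The `Response` type, the function names, the `send` callback and the sample responses are constructed here; the scheme convention for SOCKS proxies (`socks5`/`socks4` resolve locally, `socks5h`/`socks4a` send the hostname to the proxy) is the one used by curl and python-requests, and for HTTP proxies the function assumes a correctly behaving client that forwards the absolute URI without resolving it first.

```python
"""Proxy-aware HTTP client checks (added example; constructed inputs only)."""
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Status codes a gateway/proxy itself emits when it could not reach the
# upstream (RFC 2616 10.5.3, 10.5.4, 10.5.5). Their body describes the
# proxy's failure, not the target page.
GATEWAY_ERRORS = {502: "Bad Gateway", 503: "Service Unavailable", 504: "Gateway Timeout"}


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    body: str
    headers: dict = field(default_factory=dict)


def is_gateway_failure(resp, via_proxy):
    """A gateway status only means 'proxy could not reach the target' when the
    request really went through a proxy; a direct 504 is the target's own."""
    return via_proxy and resp.status in GATEWAY_ERRORS


def fetch_target_page(send, url, via_proxy, max_retries=1):
    """send(url) -> Response is the injected transport, so this runs offline.

    Returns (body, log). body is None when every attempt stopped at the
    proxy, so the caller never feeds a proxy status page into its page
    comparison as if it had come from the target.
    """
    log = ["[INFO] testing connection to the target url"]
    for attempt in range(max_retries + 1):
        resp = send(url)
        if not is_gateway_failure(resp, via_proxy):
            return resp.body, log
        reason = GATEWAY_ERRORS[resp.status]
        action = "retrying the request" if attempt < max_retries else "giving up"
        log.append(f"[CRITICAL] unable to connect to the target url "
                   f"({resp.status} - {reason}), {action}")
    log.append("[*] shutting down...")
    return None, log


def proxy_config_leaks_dns(proxy_url):
    """True when the target hostname would be resolved by the client even though
    a proxy is configured (assumed curl / python-requests scheme convention)."""
    if not proxy_url:
        return True  # no proxy at all: the client resolves, by definition
    scheme = urlparse(proxy_url).scheme.lower()
    if scheme in ("socks5h", "socks4a"):
        return False  # hostname travels to the proxy inside the SOCKS request
    if scheme in ("socks5", "socks4"):
        return True  # plain SOCKS variants: library resolves before connecting
    # http/https proxy: assumed correct client sends the absolute URI unresolved
    return False


if __name__ == "__main__":
    # Constructed scenario: the proxy answers 504 with its own HTML page
    # because the target name does not exist, just as in the thread.
    proxy_page = Response(504, "<html><body>504 Gateway Timeout</body></html>")
    body, log = fetch_target_page(lambda u: proxy_page, "http://nonexistent.invalid/", via_proxy=True)
    print("\n".join(log))
    print("body handed to page comparison:", body)
    for cfg in ("socks5://127.0.0.1:9050", "socks5h://127.0.0.1:9050", "http://localhost:8118"):
        print(cfg, "leaks DNS:" , proxy_config_leaks_dns(cfg))
```

Run as a script it prints the log the thread proposes (two CRITICAL lines, then shutdown) and never returns the proxy's HTML as the target body; a sender that fails once and then succeeds returns the real page with a single CRITICAL line logged.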