Re: [sqlmap-users] raise InvalidURL nonnumeric port
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] raise InvalidURL nonnumeric port
|
From: Miroslav S. <mir...@gm...> - 2012-04-10 22:04:04
|
Hi Julia. On Tue, Apr 10, 2012 at 11:40 PM, Julia Wolf <jw...@fi...> wrote: > On Fri, 6 Apr 2012, Miroslav Stampar wrote: > > On Fri, Apr 6, 2012 at 2:09 AM, Julia Wolf <jw...@fi...> wrote: >> >> Unrelated... I can't seem to get SQLMap to fully parse Burp logs. It >>> says >>> >>> [19:13:04] [DEBUG] parsing targets list from '/home/jwolf/burpreq.log' >>> [19:13:05] [INFO] sqlmap parsed 18 testable requests from the targets >>> list >>> [19:13:05] [INFO] sqlmap got a total of 18 targets >>> >>> I know there's more than eighteen targets... >>> >>> > Are you sure there are more than 18 targets with unique parameters inside? >> That uniq says unique strings it found, but it doesn't go through >> parameter >> names to see what can be exploited. >> > > There are 293 fields in my recorded session. > > Another odd thing about this, I chopped the first 509600 bytes (8%) off > the beginning of the Burp log (on a record boundary of course) and SQLMap > still reports that it only found 18 targets -- but it will still always > start with the first URL from the Burp log anyway. (I chopped it elsewhere > previously with the same result.) > > I mean if the Burp log starts with: > > ==============================**======================== > 6:25:56 PM https://10.6.1.142:443 > ==============================**======================== > POST /analysis/filter HTTP/1.1 > Host: 10.6.1.142 > User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:11.0) > Gecko/20100101 Firefox/11.0 > Accept: text/javascript, text/html, application/xml, text/xml, */* > [blah blah blah...] > Content-Length: ... > Cookie: _session_id=**ab36ffc767c4fea19473af1a10a03d**671; Cache-Control: > no-cache > > utf8=%E2%9C%93&token=**0Uocx9Clc&filter_text=moo&** > case_sensitive=1&username=foo > ==============================**======================== > HTTP/1.1 200 OK > Date: Thu, 05 Apr 2012 01:25:56 GMT > Server: Whatever 2.0 > Content-Type: text/javascript; charset=utf-8 > [...] > > ... Then SQLMap will start testing this URI, with these parameters > correctly. > > Oh, I may have spoken too soon... SQLMap seems to be sticking the > "=============================**=========================" division onto > the end of the last field, "username=foo=================** > ==============================**=======" Fixed with last revision r4979 > in this example. But other than that it seems to be working ok. (And I > mean, 'ok' until it crashes with "InvalidURL: nonnumeric port:" ) > > Will take a look KInd regards -- Miroslav Stampar http://about.me/stamparm |
