Re: [sqlmap-users] Threads optimization
Brought to you by:
inquisb
From: Miroslav S. <mir...@gm...> - 2012-05-29 07:16:59
|
Hi Marco. Thank you for your advice. You are probably talking about BOOLEAN based technique. Now, we've chosen an approach that will be most optimal from coding aspect. Also, currently other techniques (error and union) are used far more often than inference ones (boolean and time-based). Why is that an optimal approach? Because in boolean technique in multithreading mode sqlmap is using an generic retrieval of any SQL query result - 1) retrieve result length 2) distribute among multiple threads. Now, doing something like lots of 1s and do multithreaded lots of 2s would screw our internal approach. Believe me, this all has to be VERY generic to work on all DBMSes for all cases. Implementing your approach would just put too much effort (rewriting whole sqlmap, not just that enumeration of table names) with too little positive effects. Kind regards, Miroslav Stampar On Tue, May 29, 2012 at 9:02 AM, Marco Mirandola <mm...@gm...> wrote: > Great Miroslav > > I give you some advice on optimizing the use of multithreads... > > Currently in multi threads sqlMap works like this: > - To enum tables (1 thread) > - Retrieve length table 'I' (1 thread) > - Retrieve name table 'I' (multiple threads) > - Retrieve length table 'II' (1 thread) > - Retrieve name table 'II' (multi-threads) > - Retrieve length table 'III' (1 thread) > - Retrieve name table 'III' (multi-threads) > ... > - Retrieve length table 'n' (1 thread) > - Retrieve name table 'n' (multiple threads) > > when working on a single thread latency is too much, you could optimize it: > - To enum tables (1 thread) > *- Retrieve the length of all tables (multi-threads)* > - Retrieve name table 'I' (multiple threads) > - Retrieve name table 'II' (multi-threads) > - Retrieve name table 'III' (multi-threads) > ... > - Retrieve name table 'n' (multiple threads) > > Best regards 8-D > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > sqlmap-users mailing list > sql...@li... > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm |