Re: [sqlmap-users] Feature Request - Select Specific Test

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Miroslav,

It looks like --test-filter is what I need. I don't need a custom suffix 
and prefix, I just need to force sqlmap to use a specific test it 
already has in its collection of payloads.xml and only that test. If I 
can use test-filter to select exactly the test I need and sqlmap will 
only use that one, then I think my needs are filled.

Much appreciated.

- Yori

On 6/13/2012 6:42 PM, Miroslav Stampar wrote:
> Hi Yori.
>
> "With that in mind it makes sense to be able to specify a test/payload 
> combination that you have found and you know is working."
>
> We already have two mechanisms for such thing:
> 1) --prefix/--suffix where you can specify what are the prefix and 
> suffix of SQL injection vector (e.g. --prefix="'" --suffix="-- " )
> 2) --test-filter (hidden this moment) where you can target a specific 
> test by it's name or payload (e.g. --test-filter="ROW" would trigger 
> MySQL error-based injection test based on old ROW(..,..)>... technique)
>
> Now, please, if you have something other on your mind please tell so 
> we could discuss and maybe find some other mechanism (if those 2 don't 
> satisfy your needs)
>
> Kind regards,
> Miroslav Stampar
>
> On Wed, Jun 13, 2012 at 10:19 PM, Yori Kvitchko 
> <yo...@co... 
> <mailto:yo...@co...>> wrote:
>
>     Hey Everyone,
>
>     New to the list but have been using sqlmap for a while now. I recently
>     participated in a CTF with an interesting blind, filter bypass sql
>     injection. Lots of restrictions. I set a challenge for myself to solve
>     it using sqlmap and managed to get it working with some effort. Of the
>     changes I had to make to get it to work included modifications to
>     queries.xml as well as specific arguments, but most of what I'm
>     going to
>     request here is about payloads.xml.
>
>     In trying to solve the challenge, I realized I needed to make sqlmap
>     laser focus on a single test. This was both for false negative
>     reduction, number of queries sent, and time limit. I did this
>     myself by
>     removing every other test from payloads.xml but it brought to mind the
>     idea of being able to specify a test via command line arguments.
>     You can
>     specify pretty much everything else on the command line, so the added
>     granularity would be nice.
>
>     My philosophy on sql injection is that testing for it should be done
>     manually, then once found, get a tool like sqlmap to work with it and
>     perform all the time consuming brute forcing work for you. With
>     that in
>     mind it makes sense to be able to specify a test/payload combination
>     that you have found and you know is working.
>
>     Thanks for your consideration. Excellent work on the tool.
>
>     - Yori
>
>     ------------------------------------------------------------------------------
>     Live Security Virtual Conference
>     Exclusive live event will cover all the ways today's security and
>     threat landscape has changed and how IT managers can respond.
>     Discussions
>     will include endpoint security, mobile security and the latest in
>     malware
>     threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>     _______________________________________________
>     sqlmap-users mailing list
>     sql...@li...
>     <mailto:sql...@li...>
>     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm