Re: [sqlmap-users] SQLmap -l option bug
From: Miroslav S. <mir...@gm...> - 2012-10-09 09:13:34
Ok. I'll do the patching and let you know.

Kind regards,
Miroslav Stampar

On Tue, Oct 9, 2012 at 11:12 AM, Dennis <kor...@ya...> wrote:
> Hey,
>
> burp acts as you suspected. Here's an example of https://google.de logged
> from a burp pro v1.4.12:
>
> ======================================================
> 11:05:56 https://www.google.de:443 [173.194.35.184]
> ======================================================
> GET / HTTP/1.1
> Host: www.google.de
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
> Accept-Encoding: gzip, deflate
> DNT: 1
> Connection: keep-alive
> Cookie: xxx
> Pragma: no-cache
> Cache-Control: no-cache
>
>
> ======================================================
>
> The same goes for burp's "Copy to File" feature. I usually use the
> --force-ssl flag to circumvent this.
>
> Cheers,
> Dennis
>
>
> On 09.10.2012 10:49, Miroslav Stampar wrote:
>
> Hi again.
>
> It's a preamble, but the request itself is down below. We process
> requests, not preambles. As we need to support generic LOG files, we are
> "hunting" for the requests themselves.
>
> If somebody could confirm that Burp really strips any HTTPS "tips" from
> the requests and just puts those in preambles (like in your case), I'll
> gladly do the "patching".
>
> Kind regards,
> Miroslav Stampar
>
> On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rez...@se...> wrote:
>
>> Hello Miroslav, there is a mention of port 443 in the request "preamble",
>> see:
>>
>> > ======================================================
>> > 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>> > ======================================================
>>
>> That specific request came from an HTTPS page and landed toward HTTP, I'm
>> sure of that.
>>
>> I suggest the sqlmap log parser should first look at the port in the request
>> preamble and then send the request to this port - is that possible to
>> implement?
>>
>> Regards
>>
>> Karel
>>
>> On 9.10.2012 10:30, Miroslav Stampar wrote:
>>
>>> Hi Karel.
>>>
>>> Strictly speaking there is no bug here. If you take a careful look
>>> into the HTTP request inside, you'll see that there is no mention of
>>> either HTTPS or 443 inside the request itself. It seems like the
>>> request came from the https page (referer header), but landed toward the
>>> HTTP land.
>>>
>>> I would suggest you just try to append the :443 to the Host header
>>> value (Host: www.xxx.cz -> Host: www.xxx.cz:443)
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rez...@se...> wrote:
>>>
>>> Hello, I came across a bug while using sqlmap with the -l parameter. I
>>> have a burp log file with the following content (only one request to the https
>>> port):
>>>
>>> ======================================================
>>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>> ======================================================
>>> GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
>>> Host: www.xxx.cz
>>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
>>> Accept: image/png,image/*;q=0.8,*/*;q=0.5
>>> Accept-Language: en-us,en;q=0.5
>>> Accept-Encoding: gzip, deflate
>>> Connection: keep-alive
>>> Referer: https://www.xxx.cz/
>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>> Cache-Control: max-age=0
>>>
>>> ======================================================
>>>
>>> Then I start sqlmap this way:
>>>
>>> ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz
>>>
>>> And instead of sending the request to the https (443) port, sqlmap uses the
>>> http (80) port:
>>>
>>> ---------------------------------------------------------
>>> [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
>>> [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
>>> [13:21:55] [INFO] url 1:
>>> GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>> do you want to test this url? [Y/n/q]
>>> > Y
>>> [snip]
>>> ---------------------------------------------------------
>>>
>>> Could you please fix this?
>>>
>>> Regards
>>>
>>> Karel Marhoul
>>>
>>>
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sql...@li...
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>

--
Miroslav Stampar
http://about.me/stamparm
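The log-parsing behaviour discussed in this thread, as an added example that is not sqlmap's own code: a small Python parser for Burp's proxy-log layout that takes the scheme and port from the entry preamble (the `HH:MM:SS https://host:443 [ip]` line between the `===` separators), because the request block itself carries no scheme, and, when no preamble is present, falls back to an explicit port on the Host header (the `Host: www.xxx.cz:443` workaround suggested above). The log text, hostnames, addresses and cookie value are constructed placeholders, and the function and class names are this example's own.

```python
# Recover the scheme (http/https) of requests in a Burp proxy log from the
# entry preamble; the request block itself never mentions the scheme.
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample in the layout Burp writes; hostnames, addresses and
# cookie values are placeholders, not the ones from the thread.
SAMPLE_BURP_LOG = """\
======================================================
12:40:22 https://www.example.test:443 [192.0.2.10]
======================================================
GET /index.php?option=com_thumber&view=thumb HTTP/1.1
Host: www.example.test
Referer: https://www.example.test/
Cookie: session=placeholder

======================================================
12:41:07 http://www.example.test:80 [192.0.2.10]
======================================================
POST /login.php HTTP/1.1
Host: www.example.test
Content-Length: 17

user=a&password=b

"""

# Constructed request with no preamble at all, but with :443 appended to the
# Host header, which is the workaround proposed in the thread.
SAMPLE_BARE_REQUEST = """\
GET /search.php?q=1 HTTP/1.1
Host: www.example.test:443
Accept: */*

"""

SEPARATOR_RE = re.compile(r"^=+$")
PREAMBLE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\s+(https?://\S+)\s+\[[^\]]*\]\s*$")
REQUEST_LINE_RE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d$")


@dataclass
class ParsedRequest:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


def scheme_and_port(preamble_url: Optional[str], host_header: str) -> Tuple[str, int]:
    """The preamble wins; otherwise an explicit port on the Host header
    decides (443 -> https); otherwise assume plain http on port 80."""
    if preamble_url:
        parts = urlsplit(preamble_url)
        return parts.scheme, parts.port or (443 if parts.scheme == "https" else 80)
    if ":" in host_header:
        port = int(host_header.rsplit(":", 1)[1])
        return ("https" if port == 443 else "http"), port
    return "http", 80


def parse_burp_log(text: str) -> List[ParsedRequest]:
    lines = text.splitlines()
    found: List[ParsedRequest] = []
    preamble_url: Optional[str] = None
    i = 0
    while i < len(lines):
        # Preamble block: separator / "HH:MM:SS <url> [ip]" / separator.
        if (SEPARATOR_RE.match(lines[i]) and i + 2 < len(lines)
                and SEPARATOR_RE.match(lines[i + 2])):
            m = PREAMBLE_RE.match(lines[i + 1])
            preamble_url = m.group(1) if m else None
            i += 3
            continue
        m = REQUEST_LINE_RE.match(lines[i])
        if not m:
            i += 1
            continue
        method, path = m.group(1), m.group(2)
        headers: Dict[str, str] = {}
        i += 1
        while i < len(lines) and lines[i].strip():  # headers end at a blank line
            name, _, value = lines[i].partition(":")
            headers[name.strip()] = value.strip()
            i += 1
        i += 1
        body_lines = []
        while i < len(lines) and not SEPARATOR_RE.match(lines[i]):  # body up to next entry
            body_lines.append(lines[i])
            i += 1
        host_header = headers.get("Host", "")
        scheme, port = scheme_and_port(preamble_url, host_header)
        host = host_header.split(":", 1)[0]
        netloc = host if port == (443 if scheme == "https" else 80) else f"{host}:{port}"
        found.append(ParsedRequest(method, f"{scheme}://{netloc}{path}",
                                   headers, "\n".join(body_lines).strip("\n")))
        preamble_url = None  # a preamble describes only the request that follows it
    return found


if __name__ == "__main__":
    for req in parse_burp_log(SAMPLE_BURP_LOG) + parse_burp_log(SAMPLE_BARE_REQUEST):
        print(req.method, req.url)
```

Run stand-alone, the script prints the first sample request as `https://www.example.test/...` (scheme taken from the preamble), the second as `http://...`, and the bare request as `https://...` (scheme inferred from the `:443` on the Host header). The preamble is consumed only for the request that immediately follows it, so a generic log without preambles degrades to the Host-header fallback rather than reusing a stale scheme.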