Re: [sqlmap-users] SQLmap -l option bug
From: Miroslav S. <mir...@gm...> - 2012-10-09 09:37:06

Hi Karel.

This should be fixed now [1].

Kind regards,
Miroslav Stampar

[1] https://github.com/sqlmapproject/sqlmap/issues/198

On Tue, Oct 9, 2012 at 11:04 AM, Karel Marhoul <rez...@se...> wrote:

> I could confirm this behavior with these versions of burp:
>
> Burp Suite Professional 1.4.12
> Burp Suite Professional 1.5rc3
>
> Patch would be appreciated.
>
> Regards
>
> Karel
>
> On 9.10.2012 10:49, Miroslav Stampar wrote:
>
>> Hi again.
>>
>> It's a preamble, but the request itself is down below. We process
>> requests, not preambles. As we need to support generic LOG files, we are
>> "hunting" for requests itself.
>>
>> If somebody could confirm that Burp really strips any HTTPS "tips" from
>> the requests and just puts those in preambles (like in your case), I'll
>> gladly do the "patching".
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rez...@se...> wrote:
>>
>>> Hello Miroslav, there is a mention of port 443 in the request
>>> "preamble", see:
>>>
>>> > ======================================================
>>> > 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>> > ======================================================
>>>
>>> That specific request came from HTTPS page and landed toward HTTP,
>>> I'm sure of that.
>>>
>>> I suggest sqlmap log parser should first look at the port in the
>>> request preamble and then send the request to this port - is that
>>> possible to implement?
>>>
>>> Regards
>>>
>>> Karel
>>>
>>> On 9.10.2012 10:30, Miroslav Stampar wrote:
>>>
>>>> Hi Karel.
>>>>
>>>> Strictly speaking there is no bug here. If you take a look carefully
>>>> into the HTTP request inside you'll see that there is no mention of
>>>> either HTTPS nor 443 inside the request itself. It seems like the
>>>> request came from the https page (referer header), but landed toward
>>>> the HTTP land.
>>>>
>>>> I would suggest you to just try to append the :443 to the Host header
>>>> value (Host: www.xxx.cz -> Host: www.xxx.cz:443)
>>>>
>>>> Kind regards,
>>>> Miroslav Stampar
>>>>
>>>> On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rez...@se...> wrote:
>>>>
>>>>> Hello, I came across a bug while using sqlmap with -l parameter. I have
>>>>> burp log file with following content (only one request to https port):
>>>>>
>>>>> ======================================================
>>>>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>>>> ======================================================
>>>>> GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
>>>>> Host: www.xxx.cz
>>>>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
>>>>> Accept: image/png,image/*;q=0.8,*/*;q=0.5
>>>>> Accept-Language: en-us,en;q=0.5
>>>>> Accept-Encoding: gzip, deflate
>>>>> Connection: keep-alive
>>>>> Referer: https://www.xxx.cz/
>>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>>> Cache-Control: max-age=0
>>>>>
>>>>> ======================================================
>>>>>
>>>>> Then I start sqlmap this way:
>>>>>
>>>>> ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz
>>>>>
>>>>> And sqlmap instead of sending request to https (443) port it will use
>>>>> http (80) port instead:
>>>>>
>>>>> ---------------------------------------------------------
>>>>> [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
>>>>> [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
>>>>> [13:21:55] [INFO] url 1:
>>>>> GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>>> do you want to test this url? [Y/n/q]
>>>>> > Y
>>>>> [snip]
>>>>> ---------------------------------------------------------
>>>>>
>>>>> Could you please fix this?
>>>>>
>>>>> Regards
>>>>>
>>>>> Karel Marhoul
>>>>
>>>> --
>>>> Miroslav Stampar
>>>> http://about.me/stamparm
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm

--
Miroslav Stampar
http://about.me/stamparm
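
The behaviour requested in this thread, taking scheme and port from the Burp log preamble when the request itself names neither, shown as an added example; it is not sqlmap's code and not part of the original messages. The function name, the regular expressions and the precedence rule (an explicit port in the Host header wins over the preamble) are assumptions, and the sample log is constructed from the format quoted above.

```python
import re

# Burp preamble: separator, "HH:MM:SS scheme://host[:port] [ip]", separator.
PREAMBLE = re.compile(
    r"^=+[ \t]*\n\d{1,2}:\d{2}:\d{2}[ \t]+(https?)://([^\s:/\[\]]+)(?::(\d+))?"
    r"(?:[ \t]+\[[^\]]*\])?[ \t]*\n=+[ \t]*\n", re.M)
REQUEST_LINE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d\s*$")
DEFAULT_PORT = {"http": 80, "https": 443}


def targets_from_burp_log(text):
    """Return [(method, url)] for each logged request, honouring the preamble."""
    targets = []
    marks = list(PREAMBLE.finditer(text))
    for i, m in enumerate(marks):
        scheme, pre_host, pre_port = m.group(1).lower(), m.group(2), m.group(3)
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        lines = text[m.end():end].splitlines()
        req = REQUEST_LINE.match(lines[0].strip()) if lines else None
        if not req:
            continue  # preamble followed by a response or junk: skip it
        method, path = req.groups()
        host = None
        for line in lines[1:]:
            if not line.strip():
                break  # blank line ends the header block
            name, _, value = line.partition(":")
            if name.strip().lower() == "host":
                host = value.strip()
        host = host or pre_host
        # Assumed precedence: explicit Host port, then preamble port,
        # then the default for the preamble's scheme.
        hostname, _, host_port = host.partition(":")
        port = int(host_port or pre_port or DEFAULT_PORT[scheme])
        if path.lower().startswith(("http://", "https://")):
            url = path  # absolute-form request target already names the scheme
        else:
            url = "%s://%s:%d%s" % (scheme, hostname, port, path)
        targets.append((method, url))
    return targets


# Constructed sample in the log format quoted in the thread.
SEP = "=" * 54
SAMPLE = "\n".join([
    SEP, "12:40:22  https://www.xxx.cz:443  [81.91.80.92]", SEP,
    "GET /index.php?option=com_thumber&view=thumb HTTP/1.1",
    "Host: www.xxx.cz", "Referer: https://www.xxx.cz/", "", SEP, ""])
```

With this rule the request from the report resolves to port 443 even though its Host header carries no port, which is the case the Referer header alone could not settle.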