Re: [sqlmap-users] SQLmap -l option bug
From: Dennis <kor...@ya...> - 2012-10-09 11:05:02
Cool, thanks for the patch!

Cheers

On 09.10.2012 12:32, Miroslav Stampar wrote:
> Hi Dennis.
>
> From now on sqlmap should take into the consideration the preamble too
> - It takes it as a first choice for scheme::port values (e.g.
> https::443). In case that there are different values inside the
> request body itself, specifically Host header, then those values have
> higher priority.
>
> Kind regards,
> Miroslav Stampar
>
> On Tue, Oct 9, 2012 at 11:41 AM, Dennis <kor...@ya...> wrote:
>> Hey Miroslav,
>>
>> how did you fix this? Does sqlmap take the preamble into account?
>> Or how do you figure out what is https and what's not?
>>
>> Regards,
>> Dennis
>>
>> On 09.10.2012 11:36, Miroslav Stampar wrote:
>>> Hi Karel.
>>>
>>> This should be fixed now [1].
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> [1] https://github.com/sqlmapproject/sqlmap/issues/198
>>>
>>> On Tue, Oct 9, 2012 at 11:04 AM, Karel Marhoul <rez...@se...> wrote:
>>>> I could confirm this behavior with these versions of burp:
>>>>
>>>> Burp Suite Professional 1.4.12
>>>> Burp Suite Professional 1.5rc3
>>>>
>>>> Patch would be appreciated.
>>>>
>>>> Regards
>>>>
>>>> Karel
>>>>
>>>> On 9.10.2012 10:49, Miroslav Stampar wrote:
>>>>> Hi again.
>>>>>
>>>>> It's a preamble, but the request itself is down below. We process
>>>>> requests, not preambles. As we need to support generic LOG files, we are
>>>>> "hunting" for requests itself.
>>>>>
>>>>> If somebody could confirm that Burp really strips any HTTPS "tips" from
>>>>> the requests and just puts those in preambles (like in your case), I'll
>>>>> gladly do the "patching".
>>>>>
>>>>> Kind regards,
>>>>> Miroslav Stampar
>>>>>
>>>>> On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rez...@se...> wrote:
>>>>>> Hello Miroslav, there is a mention of port 443 in the request
>>>>>> "preamble", see:
>>>>>>
>>>>>> ======================================================
>>>>>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>>>>> ======================================================
>>>>>>
>>>>>> That specific request came from an HTTPS page and landed toward HTTP,
>>>>>> I'm sure of that.
>>>>>>
>>>>>> I suggest the sqlmap log parser should first look at the port in the
>>>>>> request preamble and then send the request to this port - is that
>>>>>> possible to implement?
>>>>>>
>>>>>> Regards
>>>>>>
>>>>>> Karel
>>>>>>
>>>>>> On 9.10.2012 10:30, Miroslav Stampar wrote:
>>>>>>> Hi Karel.
>>>>>>>
>>>>>>> Strictly speaking there is no bug here. If you take a look carefully
>>>>>>> into the HTTP request inside you'll see that there is no mention of
>>>>>>> either HTTPS nor 443 inside the request itself. It seems like the
>>>>>>> request came from the https page (referer header), but landed toward
>>>>>>> the HTTP land.
>>>>>>>
>>>>>>> I would suggest you to just try to append the :443 to the Host header
>>>>>>> value (Host: www.xxx.cz -> Host: www.xxx.cz:443)
>>>>>>>
>>>>>>> Kind regards,
>>>>>>> Miroslav Stampar
>>>>>>>
>>>>>>> On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rez...@se...> wrote:
>>>>>>>> Hello, I came across a bug while using sqlmap with the -l parameter.
>>>>>>>> I have a burp log file with the following content (only one request
>>>>>>>> to the https port):
>>>>>>>>
>>>>>>>> ======================================================
>>>>>>>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>>>>>>> ======================================================
>>>>>>>> GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
>>>>>>>> Host: www.xxx.cz
>>>>>>>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
>>>>>>>> Accept: image/png,image/*;q=0.8,*/*;q=0.5
>>>>>>>> Accept-Language: en-us,en;q=0.5
>>>>>>>> Accept-Encoding: gzip, deflate
>>>>>>>> Connection: keep-alive
>>>>>>>> Referer: https://www.xxx.cz/
>>>>>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>>>>>> Cache-Control: max-age=0
>>>>>>>> ======================================================
>>>>>>>>
>>>>>>>> Then I start sqlmap this way:
>>>>>>>>
>>>>>>>> ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz
>>>>>>>>
>>>>>>>> And sqlmap, instead of sending the request to the https (443) port,
>>>>>>>> will use the http (80) port instead:
>>>>>>>>
>>>>>>>> ---------------------------------------------------------
>>>>>>>> [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
>>>>>>>> [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
>>>>>>>> [13:21:55] [INFO] url 1:
>>>>>>>> GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>>>>>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>>>>>> do you want to test this url? [Y/n/q]
>>>>>>>> > Y
>>>>>>>> [snip]
>>>>>>>> ---------------------------------------------------------
>>>>>>>>
>>>>>>>> Could you please fix this?
>>>>>>>>
>>>>>>>> Regards
>>>>>>>>
>>>>>>>> Karel Marhoul
>
> --
> Miroslav Stampar
> http://about.me/stamparm
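As an added illustration of the rule Miroslav describes (preamble scheme::port as the first choice, an explicit port in the Host header taking priority, plain http as the fallback for generic logs), here is a small Python parser for Burp-style proxy logs. It is written for this page and is not sqlmap's own code; the log sample, hosts and paths are constructed from the request quoted in this thread.

```python
import re
from urllib.parse import urlparse
# Constructed sample (not a real capture) in the layout of the Burp log quoted
# in this thread; the third entry has no preamble, like a generic request log.
SAMPLE_LOG = """\
======================================================
12:40:22 https://www.xxx.cz:443 [81.91.80.92]
======================================================
GET /index.php?option=com_thumber&view=thumb&format=image HTTP/1.1
Host: www.xxx.cz
======================================================
12:41:03 https://www.xxx.cz:443 [81.91.80.92]
======================================================
GET /admin/ HTTP/1.1
Host: www.xxx.cz:8443
======================================================
GET /plain HTTP/1.1
Host: www.xxx.cz
"""

PREAMBLE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\s+(?P<url>\S+)\s+\[[\d.]+\]\s*$")
REQUEST_RE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<path>\S+)\s+HTTP/1\.[01]")
HOST_RE = re.compile(r"^Host:\s*(?P<host>[^:\s]+)(?::(?P<port>\d+))?\s*$", re.M | re.I)

def resolve_target(request, preamble=None):
    """Absolute URL for one logged request (None if it cannot be parsed)."""
    req, host = REQUEST_RE.match(request), HOST_RE.search(request)
    if not (req and host):
        return None
    scheme, port = "http", 80                      # generic-log fallback
    hint = PREAMBLE_RE.match(preamble or "")       # preamble is the first choice
    u = urlparse(hint.group("url")) if hint else None
    if u and u.scheme in ("http", "https"):
        scheme, port = u.scheme, u.port or (443 if u.scheme == "https" else 80)
    if host.group("port"):                         # explicit Host port wins
        port = int(host.group("port"))
    return "%s://%s:%d%s" % (scheme, host.group("host"), port, req.group("path"))

def parse_burp_log(text):
    """Pair each preamble with the request right after it and resolve them all."""
    targets, preamble = [], None
    for block in (b.strip() for b in re.split(r"^=+\s*$", text, flags=re.M)):
        if PREAMBLE_RE.match(block):
            preamble = block                       # hint for the next request
        elif block:
            url = resolve_target(block, preamble)
            preamble = None                        # a hint never carries over
            if url:
                targets.append(url)
    return targets
```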