Re: [sqlmap-users] SQLmap -l option bug
From: Karel M. <rez...@se...> - 2012-10-09 09:04:21
I could confirm this behavior with these versions of Burp:

Burp Suite Professional 1.4.12
Burp Suite Professional 1.5rc3

Patch would be appreciated.

Regards
Karel

On 9.10.2012 10:49, Miroslav Stampar wrote:
> Hi again.
>
> It's a preamble, but the request itself is down below. We process
> requests, not preambles. As we need to support generic LOG files, we are
> "hunting" for requests itself.
>
> If somebody could confirm that Burp really strips any HTTPS "tips" from
> the requests and just puts those in preambles (like in your case), I'll
> gladly do the "patching".
>
> Kind regards,
> Miroslav Stampar
>
> On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rez...@se...> wrote:
>
>> Hello Miroslav, there is a mention of port 443 in the request
>> "preamble", see:
>>
>> ======================================================
>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>> ======================================================
>>
>> That specific request came from HTTPS page and landed toward HTTP,
>> I'm sure of that.
>>
>> I suggest sqlmap log parser should first look at the port in the
>> request preamble and then send the request to this port - is that
>> possible to implement?
>>
>> Regards
>>
>> Karel
>>
>> On 9.10.2012 10:30, Miroslav Stampar wrote:
>>> Hi Karel.
>>>
>>> Strictly speaking there is no bug here. If you take a look carefully
>>> into the HTTP request inside you'll see that there is no mention of
>>> either HTTPS nor 443 inside the request itself. It seems like the
>>> request came from the https page (referer header), but landed toward
>>> the HTTP land.
>>>
>>> I would suggest you to just try to append the :443 to the Host header
>>> value (Host: www.xxx.cz -> Host: www.xxx.cz:443)
>>>
>>> Kind regards,
>>> Miroslav Stampar
>>>
>>> On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rez...@se...> wrote:
>>>
>>>> Hello, I came across a bug while using sqlmap with -l parameter. I have
>>>> burp log file with following content (only one request to https port):
>>>>
>>>> ======================================================
>>>> 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
>>>> ======================================================
>>>> GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
>>>> Host: www.xxx.cz
>>>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
>>>> Accept: image/png,image/*;q=0.8,*/*;q=0.5
>>>> Accept-Language: en-us,en;q=0.5
>>>> Accept-Encoding: gzip, deflate
>>>> Connection: keep-alive
>>>> Referer: https://www.xxx.cz/
>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>> Cache-Control: max-age=0
>>>>
>>>> ======================================================
>>>>
>>>> Then I start sqlmap this way:
>>>>
>>>> ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz
>>>>
>>>> And sqlmap instead of sending request to https (443) port it will use
>>>> http (80) port instead:
>>>>
>>>> ---------------------------------------------------------
>>>> [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
>>>> [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
>>>> [13:21:55] [INFO] url 1:
>>>> GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>>>> Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
>>>> do you want to test this url? [Y/n/q]
>>>> Y
>>>> [snip]
>>>> ---------------------------------------------------------
>>>>
>>>> Could you please fix this?
>>>>
>>>> Regards
>>>>
>>>> Karel Marhoul
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>
> --
> Miroslav Stampar
> http://about.me/stamparm
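The preamble-first parsing Karel proposes, as an added example that is not sqlmap's own code: it splits a Burp-style log on the `=====` separator lines, takes scheme and port from the preamble that precedes a request, and otherwise falls back to the Host header, where an explicit `:443` is read as HTTPS (Miroslav's workaround). The log sample, hostnames and addresses are constructed.

```python
import re
# Constructed Burp-style log: the only HTTPS hint for the first request is its preamble line.
BURP_LOG = """\
======================================================
12:40:22 https://www.example.test:443 [192.0.2.10]
======================================================
GET /index.php?option=com_thumber&view=thumb HTTP/1.1
Host: www.example.test
Referer: https://www.example.test/

======================================================
12:41:07 http://www.example.test:8080 [192.0.2.10]
======================================================
GET /robots.txt HTTP/1.1
Host: www.example.test

======================================================
"""

SEPARATOR_RE = re.compile(r"^={5,}[ \t]*$", re.M)
PREAMBLE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}[ \t]+(https?)://([^\s:/]+)(?::(\d+))?[ \t]+\[[^\]]*\]", re.M)
REQUEST_LINE_RE = re.compile(r"^(GET|POST|PUT|DELETE|HEAD|OPTIONS|PATCH)[ \t]+(\S+)[ \t]+HTTP/\d\.\d", re.M)
HOST_RE = re.compile(r"^Host:[ \t]*([^\s:]+)(?::(\d+))?", re.M | re.I)

def parse_burp_log(text):
    """Return one absolute URL per request; scheme and port come from the preamble when present."""
    urls = []
    pending = None  # (scheme, host, port) from the latest preamble not yet paired with a request
    for chunk in SEPARATOR_RE.split(text):
        if not chunk.strip():
            continue
        req = REQUEST_LINE_RE.search(chunk)
        if req is None:
            pre = PREAMBLE_RE.search(chunk)
            if pre:
                pending = (pre.group(1), pre.group(2), pre.group(3))
            continue
        host_m = HOST_RE.search(chunk)
        if pending:
            scheme, host, port = pending
            port = port or ("443" if scheme == "https" else "80")
        else:
            # No preamble: fall back to the Host header; an explicit :443 implies HTTPS.
            host = host_m.group(1) if host_m else "localhost"
            port = (host_m.group(2) if host_m else None) or "80"
            scheme = "https" if port == "443" else "http"
        urls.append("%s://%s:%s%s" % (scheme, host, port, req.group(2)))
        pending = None
    return urls
```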