Re: [sqlmap-users] SQLmap -l option bug
From: Karel M. <rez...@se...> - 2012-10-10 18:15:24
Thank you, Miro, for patching.

Regards
Karel Marhoul

On 9.10.2012 11:36, Miroslav Stampar wrote:
> Hi Karel.
>
> This should be fixed now [1].
>
> Kind regards,
> Miroslav Stampar
>
> [1] https://github.com/sqlmapproject/sqlmap/issues/198
>
> On Tue, Oct 9, 2012 at 11:04 AM, Karel Marhoul <rez...@se...> wrote:
> > I could confirm this behavior with these versions of burp:
> >
> > Burp Suite Professional 1.4.12
> > Burp Suite Professional 1.5rc3
> >
> > Patch would be appreciated.
> >
> > Regards
> >
> > Karel
> >
> > On 9.10.2012 10:49, Miroslav Stampar wrote:
> > > Hi again.
> > >
> > > It's a preamble, but the request itself is down below. We process
> > > requests, not preambles. As we need to support generic LOG files, we are
> > > "hunting" for requests itself.
> > >
> > > If somebody could confirm that Burp really strips any HTTPS "tips" from
> > > the requests and just puts those in preambles (like in your case), I'll
> > > gladly do the "patching".
> > >
> > > Kind regards,
> > > Miroslav Stampar
> > >
> > > On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rez...@se...> wrote:
> > > > Hello Miroslav, there is a mention of port 443 in the request
> > > > "preamble", see:
> > > >
> > > > ======================================================
> > > > 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
> > > > ======================================================
> > > >
> > > > That specific request came from HTTPS page and landed toward HTTP,
> > > > I'm sure of that.
> > > >
> > > > I suggest sqlmap log parser should first look at the port in the
> > > > request preamble and then send the request to this port - is that
> > > > possible to implement?
> > > >
> > > > Regards
> > > >
> > > > Karel
> > > >
> > > > On 9.10.2012 10:30, Miroslav Stampar wrote:
> > > > > Hi Karel.
> > > > >
> > > > > Strictly speaking there is no bug here. If you take a look carefully
> > > > > into the HTTP request inside you'll see that there is no mention of
> > > > > either HTTPS nor 443 inside the request itself. It seems like the
> > > > > request came from the https page (referer header), but landed toward
> > > > > the HTTP land.
> > > > >
> > > > > I would suggest you to just try to append the :443 to the Host header
> > > > > value (Host: www.xxx.cz -> Host: www.xxx.cz:443)
> > > > >
> > > > > Kind regards,
> > > > > Miroslav Stampar
> > > > >
> > > > > On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul <rez...@se...> wrote:
> > > > > > Hello, I came across a bug while using sqlmap with -l parameter. I have
> > > > > > burp log file with following content (only one request to https port):
> > > > > >
> > > > > > ======================================================
> > > > > > 12:40:22 https://www.xxx.cz:443 [81.91.80.92]
> > > > > > ======================================================
> > > > > > GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1
> > > > > > Host: www.xxx.cz
> > > > > > User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1
> > > > > > Accept: image/png,image/*;q=0.8,*/*;q=0.5
> > > > > > Accept-Language: en-us,en;q=0.5
> > > > > > Accept-Encoding: gzip, deflate
> > > > > > Connection: keep-alive
> > > > > > Referer: https://www.xxx.cz/
> > > > > > Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
> > > > > > Cache-Control: max-age=0
> > > > > >
> > > > > > ======================================================
> > > > > >
> > > > > > Then I start sqlmap this way:
> > > > > >
> > > > > > ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz
> > > > > >
> > > > > > And sqlmap instead of sending request to https (443) port it will use
> > > > > > http (80) port instead:
> > > > > >
> > > > > > -----------------------------------------------------------
> > > > > > [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets
> > > > > > [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list
> > > > > > [13:21:55] [INFO] url 1:
> > > > > > GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
> > > > > > Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003
> > > > > > do you want to test this url? [Y/n/q]
> > > > > > Y
> > > > > > [snip]
> > > > > > -----------------------------------------------------------
> > > > > >
> > > > > > Could you please fix this?
> > > > > >
> > > > > > Regards
> > > > > >
> > > > > > Karel Marhoul
> > > > > >
> > > > > > _______________________________________________
> > > > > > sqlmap-users mailing list
> > > > > > sqlmap-users@lists.sourceforge.net
> > > > > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
> --
> Miroslav Stampar
> http://about.me/stamparm
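The thread turns on one parsing detail: the Burp log carries the scheme and port only in the timestamped preamble line ("12:40:22 https://www.xxx.cz:443 [81.91.80.92]"), while the HTTP request below it mentions neither, so a parser that hunts for request lines alone reconstructs the target as plain http on port 80. The following is an added illustration written for this page, not sqlmap's own log parser and not code from anyone in the thread. It parses a constructed log in the same layout (sample data, not Karel's file), and the `use_preamble` switch contrasts a preamble-aware reconstruction with the preamble-blind one the thread describes. The fallback rule (Host header port, else 80, with https assumed only for port 443) is this example's own assumption about a preamble-blind parser, not a statement of how sqlmap behaved.

```python
import re

# Constructed sample in the Burp log layout quoted in the thread (sample
# data written for this example, not the original log file from the report).
SAMPLE_LOG = """\
======================================================
12:40:22 https://www.xxx.cz:443 [81.91.80.92]
======================================================
GET /index.php?option=com_thumber&view=thumb HTTP/1.1
Host: www.xxx.cz
User-Agent: Mozilla/5.0
Referer: https://www.xxx.cz/
Cookie: theme_cookie=life
Cache-Control: max-age=0

======================================================
12:41:05 http://www.xxx.cz [81.91.80.92]
======================================================
GET /robots.txt HTTP/1.1
Host: www.xxx.cz

======================================================
"""

# Preamble line: "HH:MM:SS scheme://host[:port] [peer-ip]"
PREAMBLE_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2})\s+(https?)://([^\s:/]+)(?::(\d+))?\s+\[([^\]]+)\]\s*$")
# Request line: "METHOD /path HTTP/x.y"
REQUEST_LINE_RE = re.compile(r"^([A-Z]+)\s+(\S+)\s+HTTP/\d\.\d\s*$")


def default_port(scheme):
    """Well-known port for the scheme named in a preamble."""
    return 443 if scheme == "https" else 80


def parse_burp_log(text, use_preamble=True):
    """Return one record (method, url, headers) per request in the log.

    use_preamble=True: scheme and port come from the preamble line that
    precedes the request, which is where Burp records them.
    use_preamble=False: preambles are skipped and the URL is rebuilt from
    the request and its Host header alone (assumed fallback: Host header
    port, else 80; https only when that port is 443). This reproduces the
    http://host:80 result shown in the thread.
    """
    records = []
    preamble = None
    lines = text.splitlines()
    i = 0
    while i < len(lines):
        m = PREAMBLE_RE.match(lines[i])
        if m:
            _ts, scheme, host, port, peer = m.groups()
            preamble = {"scheme": scheme, "host": host, "peer": peer,
                        "port": int(port) if port else default_port(scheme)}
            i += 1
            continue
        m = REQUEST_LINE_RE.match(lines[i])
        if not m:
            i += 1  # separator, blank line or other non-request text
            continue
        method, path = m.groups()
        headers = {}
        i += 1
        while i < len(lines) and lines[i].strip():  # headers end at a blank line
            name, _, value = lines[i].partition(":")
            headers[name.strip().lower()] = value.strip()
            i += 1
        host, _, host_port = headers.get("host", "").partition(":")
        if use_preamble and preamble is not None:
            scheme, port = preamble["scheme"], preamble["port"]
            host = host or preamble["host"]
        else:
            port = int(host_port) if host_port else 80
            scheme = "https" if port == 443 else "http"
        records.append({"method": method,
                        "url": f"{scheme}://{host}:{port}{path}",
                        "headers": headers})
        preamble = None  # each preamble describes exactly one request
    return records


if __name__ == "__main__":
    for rec in parse_burp_log(SAMPLE_LOG):
        print(rec["method"], rec["url"])
```

Run with `use_preamble=False` the first record comes out as `http://www.xxx.cz:80/...`, the same misdirected target the report shows; with the default the preamble's `https` and `443` survive into the URL. A preamble is consumed after one request so that a later request without its own preamble is not silently tagged with a stale scheme and port.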