Re: [sqlmap-users] --load-cookies format

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Hi Miroslav,

I have edited the file manually and sqlmap does not complain anymore. 
However it does *not* seem to use the cookie present in the file. Is 
there another option I should use to actually use the cookies once loaded?

Alternatively, it does work if I don't use --load-cookies but only 
--cookie JSESSIONID=WHATEVERSESSIONID

Thanks!
Boris

On 12/02/13 11:19, Miroslav Stampar wrote:
> Hi.
>
> First line needs to start with "# Netscape HTTP Cookie File.". Also, 
> each value inside entries need to be splitted with \t (TAB) <- not 
> spaces. Find attached a valid example.
>
> We are here depending on low-level python module (cookielib) parsing 
> it automatically. Nevertheless, I can see now that it's too 
> constrained in this manner. Will do some "adaptations" and let you know.
>
> Kind regards,
> Miroslav Stampar
>
> On Tue, Feb 12, 2013 at 12:04 PM, Boris Chazalet 
> <bor...@or... <mailto:bor...@or...>> wrote:
>
>     Hi everyone,
>
>     I am trying to use the --load-cookies option on sqlmap. I have
>     saved session cookies using wget and I am trying to load them in
>     sqlmap with the following command:
>
>     /python sqlmap.py -u "http://mytestserver.com"
>     <http://mytestserver.com> --load-cookies=cookies.txt/
>
>     but I get an error message:
>
>     /[11:00:32] [CRITICAL] there was a problem loading cookies file
>     ('u'cookies.txt' does not look like a Netscape format cookies file')/
>
>     So my question is, what is supposed to be the accepted format for
>     loading a cookie file into sqlmap?
>
>     Regards,
>     Boris
>
>     cookies.txt:
>     # HTTP cookie file.
>     # Generated by Wget on 2013-02-12 10:58:35.
>     # Edit at your own risk.
>
>     mytestserver.com <http://mytestserver.com>    FALSE /test   
>     FALSE    0    JSESSIONID
>     1064CC1958261C9D61D102C4C995611P.tcatmytestsrv
>
>
>
>     ------------------------------------------------------------------------------
>     Free Next-Gen Firewall Hardware Offer
>     Buy your Sophos next-gen firewall before the end March 2013
>     and get the hardware for free! Learn more.
>     http://p.sf.net/sfu/sophos-d2d-feb
>     _______________________________________________
>     sqlmap-users mailing list
>     sql...@li...
>     <mailto:sql...@li...>
>     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm