Re: [sqlmap-users] --load-cookies format
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --load-cookies format
|
From: Miroslav S. <mir...@gm...> - 2013-02-12 11:45:20
|
Hi. With the last commit [1] "format" should be less strict (your original content should be valid). Also, please read through [2] to see the content of those fields inside. I would say that in your case cookies "expired". Kind regards, Miroslav Stampar [1] https://github.com/sqlmapproject/sqlmap/commit/72984a578df61f4913c8026c3d9315ea34e4bc1b [2] http://www.cookiecentral.com/faq/#3.5 On Tue, Feb 12, 2013 at 12:33 PM, Boris Chazalet <bor...@or...>wrote: > Hi Miroslav, > > I have edited the file manually and sqlmap does not complain anymore. > However it does *not* seem to use the cookie present in the file. Is > there another option I should use to actually use the cookies once loaded? > > Alternatively, it does work if I don't use --load-cookies but only > --cookie JSESSIONID=WHATEVERSESSIONID > > Thanks! > Boris > > > > On 12/02/13 11:19, Miroslav Stampar wrote: > > Hi. > > First line needs to start with "# Netscape HTTP Cookie File.". Also, > each value inside entries need to be splitted with \t (TAB) <- not spaces. > Find attached a valid example. > > We are here depending on low-level python module (cookielib) parsing it > automatically. Nevertheless, I can see now that it's too constrained in > this manner. Will do some "adaptations" and let you know. > > Kind regards, > Miroslav Stampar > > On Tue, Feb 12, 2013 at 12:04 PM, Boris Chazalet < > bor...@or...> wrote: > >> Hi everyone, >> >> I am trying to use the --load-cookies option on sqlmap. I have saved >> session cookies using wget and I am trying to load them in sqlmap with the >> following command: >> >> *python sqlmap.py -u "http://mytestserver.com" <http://mytestserver.com>--load-cookies=cookies.txt >> * >> >> but I get an error message: >> >> *[11:00:32] [CRITICAL] there was a problem loading cookies file >> ('u'cookies.txt' does not look like a Netscape format cookies file')* >> >> So my question is, what is supposed to be the accepted format for loading >> a cookie file into sqlmap? >> >> Regards, >> Boris >> >> cookies.txt: >> # HTTP cookie file. >> # Generated by Wget on 2013-02-12 10:58:35. >> # Edit at your own risk. >> >> mytestserver.com FALSE /test FALSE 0 JSESSIONID >> 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv >> >> >> >> >> ------------------------------------------------------------------------------ >> Free Next-Gen Firewall Hardware Offer >> Buy your Sophos next-gen firewall before the end March 2013 >> and get the hardware for free! Learn more. >> http://p.sf.net/sfu/sophos-d2d-feb >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > > > -- Miroslav Stampar http://about.me/stamparm |
