Re: [sqlmap-users] --load-cookies format

[Boris C. <bor...@or...>]

Not a big deal, but I used to a symbolic link pointing to sqlmap.py, but 
that does not work anymore. I get this:
[14:34:21] [CRITICAL] unable to read file 'txt/keywords.txt'

I can still run it from the sqlmap directory though.
Boris


On 12/02/13 14:20, Boris Chazalet wrote:
> Thanks a lot Miroslav, I am always impressed with your reactivity.
>
> I am going to pull and test again.
> Boris
>
> On 12/02/13 13:31, Miroslav Stampar wrote:
>> Update:
>>
>> With the latest commit [1] you should be warned about the expired 
>> cookies.
>>
>> Kind regards,
>> Miroslav Stampar
>>
>> [1] 
>> https://github.com/sqlmapproject/sqlmap/commit/212e92ea0187f9b990c4cc0d4cbb9ac7b5b1739c
>>
>> On Tue, Feb 12, 2013 at 12:59 PM, Miroslav Stampar 
>> <mir...@gm... <mailto:mir...@gm...>> wrote:
>>
>>     p.s. you can use for example:
>>     mytestserver.com <http://mytestserver.com>    FALSE    /test  
>>      FALSE *1000000000000000000*    JSESSIONID
>>      1064CC1958261C9D61D102C4C995611P.tcatmytestsrv
>>
>>
>>     On Tue, Feb 12, 2013 at 12:45 PM, Miroslav Stampar
>>     <mir...@gm... <mailto:mir...@gm...>>
>>     wrote:
>>
>>         Hi.
>>
>>         With the last commit [1] "format" should be less strict (your
>>         original content should be valid).
>>
>>         Also, please read through [2] to see the content of those
>>         fields inside. I would say that in your case cookies "expired".
>>
>>         Kind regards,
>>         Miroslav Stampar
>>
>>         [1]
>>         https://github.com/sqlmapproject/sqlmap/commit/72984a578df61f4913c8026c3d9315ea34e4bc1b
>>         [2] http://www.cookiecentral.com/faq/#3.5
>>
>>
>>         On Tue, Feb 12, 2013 at 12:33 PM, Boris Chazalet
>>         <bor...@or...
>>         <mailto:bor...@or...>> wrote:
>>
>>             Hi Miroslav,
>>
>>             I have edited the file manually and sqlmap does not
>>             complain anymore. However it does *not* seem to use the
>>             cookie present in the file. Is there another option I
>>             should use to actually use the cookies once loaded?
>>
>>             Alternatively, it does work if I don't use --load-cookies
>>             but only --cookie JSESSIONID=WHATEVERSESSIONID
>>
>>             Thanks!
>>             Boris
>>
>>
>>
>>             On 12/02/13 11:19, Miroslav Stampar wrote:
>>>             Hi.
>>>
>>>             First line needs to start with "# Netscape HTTP Cookie
>>>             File.". Also, each value inside entries need to be
>>>             splitted with \t (TAB) <- not spaces. Find attached a
>>>             valid example.
>>>
>>>             We are here depending on low-level python module
>>>             (cookielib) parsing it automatically. Nevertheless, I
>>>             can see now that it's too constrained in this manner.
>>>             Will do some "adaptations" and let you know.
>>>
>>>             Kind regards,
>>>             Miroslav Stampar
>>>
>>>             On Tue, Feb 12, 2013 at 12:04 PM, Boris Chazalet
>>>             <bor...@or...
>>>             <mailto:bor...@or...>> wrote:
>>>
>>>                 Hi everyone,
>>>
>>>                 I am trying to use the --load-cookies option on
>>>                 sqlmap. I have saved session cookies using wget and
>>>                 I am trying to load them in sqlmap with the
>>>                 following command:
>>>
>>>                 /python sqlmap.py -u "http://mytestserver.com"
>>>                 <http://mytestserver.com> --load-cookies=cookies.txt/
>>>
>>>                 but I get an error message:
>>>
>>>                 /[11:00:32] [CRITICAL] there was a problem loading
>>>                 cookies file ('u'cookies.txt' does not look like a
>>>                 Netscape format cookies file')/
>>>
>>>                 So my question is, what is supposed to be the
>>>                 accepted format for loading a cookie file into sqlmap?
>>>
>>>                 Regards,
>>>                 Boris
>>>
>>>                 cookies.txt:
>>>                 # HTTP cookie file.
>>>                 # Generated by Wget on 2013-02-12 10:58:35.
>>>                 # Edit at your own risk.
>>>
>>>                 mytestserver.com <http://mytestserver.com> FALSE   
>>>                 /test FALSE    0 JSESSIONID
>>>                 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv
>>>
>>>
>>>
>>>                 ------------------------------------------------------------------------------
>>>                 Free Next-Gen Firewall Hardware Offer
>>>                 Buy your Sophos next-gen firewall before the end
>>>                 March 2013
>>>                 and get the hardware for free! Learn more.
>>>                 http://p.sf.net/sfu/sophos-d2d-feb
>>>                 _______________________________________________
>>>                 sqlmap-users mailing list
>>>                 sql...@li...
>>>                 <mailto:sql...@li...>
>>>                 https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>>
>>>
>>>
>>>             -- 
>>>             Miroslav Stampar
>>>             http://about.me/stamparm
>>
>>
>>
>>
>>         -- 
>>         Miroslav Stampar
>>         http://about.me/stamparm
>>
>>
>>
>>
>>     -- 
>>     Miroslav Stampar
>>     http://about.me/stamparm
>>
>>
>>
>>
>> -- 
>> Miroslav Stampar
>> http://about.me/stamparm
>
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
>
>
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users