Re: [sqlmap-users] --load-cookies format
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --load-cookies format
|
From: Miroslav S. <mir...@gm...> - 2013-02-12 14:49:56
|
Fixed with last commit [1]. Bye [1] https://github.com/sqlmapproject/sqlmap/commit/cf6c3a84b52f73de44109af575bc34d3c4004845 On Tue, Feb 12, 2013 at 3:36 PM, Boris Chazalet <bor...@or...>wrote: > Not a big deal, but I used to a symbolic link pointing to sqlmap.py, but > that does not work anymore. I get this: > [14:34:21] [CRITICAL] unable to read file 'txt/keywords.txt' > > I can still run it from the sqlmap directory though. > Boris > > > On 12/02/13 14:20, Boris Chazalet wrote: > > Thanks a lot Miroslav, I am always impressed with your reactivity. > > I am going to pull and test again. > Boris > > On 12/02/13 13:31, Miroslav Stampar wrote: > > Update: > > With the latest commit [1] you should be warned about the expired > cookies. > > Kind regards, > Miroslav Stampar > > [1] > https://github.com/sqlmapproject/sqlmap/commit/212e92ea0187f9b990c4cc0d4cbb9ac7b5b1739c > > On Tue, Feb 12, 2013 at 12:59 PM, Miroslav Stampar < > mir...@gm...> wrote: > >> p.s. you can use for example: >> mytestserver.com FALSE /test FALSE *1000000000000000000* >> JSESSIONID 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv >> >> >> On Tue, Feb 12, 2013 at 12:45 PM, Miroslav Stampar < >> mir...@gm...> wrote: >> >>> Hi. >>> >>> With the last commit [1] "format" should be less strict (your original >>> content should be valid). >>> >>> Also, please read through [2] to see the content of those fields >>> inside. I would say that in your case cookies "expired". >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> [1] >>> https://github.com/sqlmapproject/sqlmap/commit/72984a578df61f4913c8026c3d9315ea34e4bc1b >>> [2] http://www.cookiecentral.com/faq/#3.5 >>> >>> >>> On Tue, Feb 12, 2013 at 12:33 PM, Boris Chazalet < >>> bor...@or...> wrote: >>> >>>> Hi Miroslav, >>>> >>>> I have edited the file manually and sqlmap does not complain anymore. >>>> However it does *not* seem to use the cookie present in the file. Is >>>> there another option I should use to actually use the cookies once loaded? >>>> >>>> Alternatively, it does work if I don't use --load-cookies but only >>>> --cookie JSESSIONID=WHATEVERSESSIONID >>>> >>>> Thanks! >>>> Boris >>>> >>>> >>>> >>>> On 12/02/13 11:19, Miroslav Stampar wrote: >>>> >>>> Hi. >>>> >>>> First line needs to start with "# Netscape HTTP Cookie File.". Also, >>>> each value inside entries need to be splitted with \t (TAB) <- not spaces. >>>> Find attached a valid example. >>>> >>>> We are here depending on low-level python module (cookielib) parsing >>>> it automatically. Nevertheless, I can see now that it's too constrained in >>>> this manner. Will do some "adaptations" and let you know. >>>> >>>> Kind regards, >>>> Miroslav Stampar >>>> >>>> On Tue, Feb 12, 2013 at 12:04 PM, Boris Chazalet < >>>> bor...@or...> wrote: >>>> >>>>> Hi everyone, >>>>> >>>>> I am trying to use the --load-cookies option on sqlmap. I have saved >>>>> session cookies using wget and I am trying to load them in sqlmap with the >>>>> following command: >>>>> >>>>> *python sqlmap.py -u "http://mytestserver.com"<http://mytestserver.com>--load-cookies=cookies.txt >>>>> * >>>>> >>>>> but I get an error message: >>>>> >>>>> *[11:00:32] [CRITICAL] there was a problem loading cookies file >>>>> ('u'cookies.txt' does not look like a Netscape format cookies file')* >>>>> >>>>> So my question is, what is supposed to be the accepted format for >>>>> loading a cookie file into sqlmap? >>>>> >>>>> Regards, >>>>> Boris >>>>> >>>>> cookies.txt: >>>>> # HTTP cookie file. >>>>> # Generated by Wget on 2013-02-12 10:58:35. >>>>> # Edit at your own risk. >>>>> >>>>> mytestserver.com FALSE /test FALSE 0 JSESSIONID >>>>> 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Free Next-Gen Firewall Hardware Offer >>>>> Buy your Sophos next-gen firewall before the end March 2013 >>>>> and get the hardware for free! Learn more. >>>>> http://p.sf.net/sfu/sophos-d2d-feb >>>>> _______________________________________________ >>>>> sqlmap-users mailing list >>>>> sql...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>>> >>>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> http://about.me/stamparm >>>> >>>> >>>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >> >> >> >> -- >> Miroslav Stampar >> http://about.me/stamparm >> > > > > -- > Miroslav Stampar > http://about.me/stamparm > > > > > ------------------------------------------------------------------------------ > Free Next-Gen Firewall Hardware Offer > Buy your Sophos next-gen firewall before the end March 2013 > and get the hardware for free! Learn more.http://p.sf.net/sfu/sophos-d2d-feb > > > > _______________________________________________ > sqlmap-users mailing lis...@li...https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > -- Miroslav Stampar http://about.me/stamparm |
