Re: [sqlmap-users] --load-cookies format
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --load-cookies format
|
From: Boris C. <bor...@or...> - 2013-02-12 15:17:56
|
Thanks, I have tested and everything (load-cookies, expired warning and symbolik link) works fine for me now. Boris On 12/02/13 14:49, Miroslav Stampar wrote: > Fixed with last commit [1]. > > Bye > > [1] > https://github.com/sqlmapproject/sqlmap/commit/cf6c3a84b52f73de44109af575bc34d3c4004845 > > On Tue, Feb 12, 2013 at 3:36 PM, Boris Chazalet > <bor...@or... <mailto:bor...@or...>> wrote: > > Not a big deal, but I used to a symbolic link pointing to > sqlmap.py, but that does not work anymore. I get this: > [14:34:21] [CRITICAL] unable to read file 'txt/keywords.txt' > > I can still run it from the sqlmap directory though. > Boris > > > On 12/02/13 14:20, Boris Chazalet wrote: >> Thanks a lot Miroslav, I am always impressed with your reactivity. >> >> I am going to pull and test again. >> Boris >> >> On 12/02/13 13:31, Miroslav Stampar wrote: >>> Update: >>> >>> With the latest commit [1] you should be warned about the >>> expired cookies. >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> [1] >>> https://github.com/sqlmapproject/sqlmap/commit/212e92ea0187f9b990c4cc0d4cbb9ac7b5b1739c >>> >>> On Tue, Feb 12, 2013 at 12:59 PM, Miroslav Stampar >>> <mir...@gm... <mailto:mir...@gm...>> >>> wrote: >>> >>> p.s. you can use for example: >>> mytestserver.com <http://mytestserver.com> FALSE /test >>> FALSE *1000000000000000000* JSESSIONID >>> 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv >>> >>> >>> On Tue, Feb 12, 2013 at 12:45 PM, Miroslav Stampar >>> <mir...@gm... >>> <mailto:mir...@gm...>> wrote: >>> >>> Hi. >>> >>> With the last commit [1] "format" should be less strict >>> (your original content should be valid). >>> >>> Also, please read through [2] to see the content of >>> those fields inside. I would say that in your case >>> cookies "expired". >>> >>> Kind regards, >>> Miroslav Stampar >>> >>> [1] >>> https://github.com/sqlmapproject/sqlmap/commit/72984a578df61f4913c8026c3d9315ea34e4bc1b >>> [2] http://www.cookiecentral.com/faq/#3.5 >>> >>> >>> On Tue, Feb 12, 2013 at 12:33 PM, Boris Chazalet >>> <bor...@or... >>> <mailto:bor...@or...>> wrote: >>> >>> Hi Miroslav, >>> >>> I have edited the file manually and sqlmap does not >>> complain anymore. However it does *not* seem to use >>> the cookie present in the file. Is there another >>> option I should use to actually use the cookies once >>> loaded? >>> >>> Alternatively, it does work if I don't use >>> --load-cookies but only --cookie >>> JSESSIONID=WHATEVERSESSIONID >>> >>> Thanks! >>> Boris >>> >>> >>> >>> On 12/02/13 11:19, Miroslav Stampar wrote: >>>> Hi. >>>> >>>> First line needs to start with "# Netscape HTTP >>>> Cookie File.". Also, each value inside entries need >>>> to be splitted with \t (TAB) <- not spaces. Find >>>> attached a valid example. >>>> >>>> We are here depending on low-level python module >>>> (cookielib) parsing it automatically. Nevertheless, >>>> I can see now that it's too constrained in this >>>> manner. Will do some "adaptations" and let you know. >>>> >>>> Kind regards, >>>> Miroslav Stampar >>>> >>>> On Tue, Feb 12, 2013 at 12:04 PM, Boris Chazalet >>>> <bor...@or... >>>> <mailto:bor...@or...>> wrote: >>>> >>>> Hi everyone, >>>> >>>> I am trying to use the --load-cookies option on >>>> sqlmap. I have saved session cookies using wget >>>> and I am trying to load them in sqlmap with the >>>> following command: >>>> >>>> /python sqlmap.py -u "http://mytestserver.com" >>>> <http://mytestserver.com> >>>> --load-cookies=cookies.txt/ >>>> >>>> but I get an error message: >>>> >>>> /[11:00:32] [CRITICAL] there was a problem >>>> loading cookies file ('u'cookies.txt' does not >>>> look like a Netscape format cookies file')/ >>>> >>>> So my question is, what is supposed to be the >>>> accepted format for loading a cookie file into >>>> sqlmap? >>>> >>>> Regards, >>>> Boris >>>> >>>> cookies.txt: >>>> # HTTP cookie file. >>>> # Generated by Wget on 2013-02-12 10:58:35. >>>> # Edit at your own risk. >>>> >>>> mytestserver.com <http://mytestserver.com> >>>> FALSE /test FALSE 0 JSESSIONID >>>> 1064CC1958261C9D61D102C4C995611P.tcatmytestsrv >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Free Next-Gen Firewall Hardware Offer >>>> Buy your Sophos next-gen firewall before the >>>> end March 2013 >>>> and get the hardware for free! Learn more. >>>> http://p.sf.net/sfu/sophos-d2d-feb >>>> _______________________________________________ >>>> sqlmap-users mailing list >>>> sql...@li... >>>> <mailto:sql...@li...> >>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >>>> >>>> >>>> >>>> >>>> -- >>>> Miroslav Stampar >>>> http://about.me/stamparm >>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >>> >>> >>> >>> >>> -- >>> Miroslav Stampar >>> http://about.me/stamparm >> >> >> >> ------------------------------------------------------------------------------ >> Free Next-Gen Firewall Hardware Offer >> Buy your Sophos next-gen firewall before the end March 2013 >> and get the hardware for free! Learn more. >> http://p.sf.net/sfu/sophos-d2d-feb >> >> >> _______________________________________________ >> sqlmap-users mailing list >> sql...@li... <mailto:sql...@li...> >> https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm |
