Re: [sqlmap-users] --load-cookies
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --load-cookies
|
From: Miroslav S. <mir...@gm...> - 2013-04-12 17:45:36
|
Hi Dirk. Could you please get the latest revision and retry it again? There was a situation where info messages have been wrongly written that original response contained Set-Cookie in situations like yours. In case that everything stays as it is, I'll need to ask you to provide more details. For example, cookie file would be great. Also, please make sure that the cookie file contains proper cookie(s) - domain name should be the same as a domain of target, cookie needs to have a proper valid time, etc. Kind regards, Miroslav Stampar On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr...> wrote: > Hi Miroslav, > > yes unfortunately. > > If I omit the cookie line in the request header completely, sqlmap > seems to take the first cookie issued by the server with set-cookie (and > put's it silently in). > > Cheers, > > Dirk > > > > On 04/12/2013 03:24 PM, Miroslav Stampar wrote: > > Hi. > > > > And this is also happening if you are skipping "Cookie: > JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request? > > > > Kind regards, > > Miroslav Stampar > > > > > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr... <mailto: > sp...@dr...>> wrote: > > > > > > Hi folks, > > > > .... that doesn't work for me. It always uses the cookie supplied > > (below in $REQUEST, or if I omit the line in $REQUEST the one > > from the 1st server reply is being used) > > > > So what is wrong in here: > > > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce > > ./sqlmap.py --ignore-proxy --force-ssl --beep \ > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \ > > --level=2 --risk=2 -r $REQUEST > > > > The content of the file $REQUEST is: > > > > POST <URL> HTTP/1.1 > > Host: <HOST> > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) > AppleWebKit/525.13 (KHTML, like Gecko) > > Chrome/0.2.149.6 <http://0.2.149.6> Safari/525.13 > > Accept: > text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > > Accept-Language: en-US,en;q=0.5 > > Accept-Encoding: gzip, deflate > > Referer: <Referer> > > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7 > > Connection: keep-alive > > Content-Type: application/x-www-form-urlencoded > > Content-Length: 67 > > > > <abunchofpostparams> > > > > > > No hints that cookie-file is not in correct format (I've been > through this, > > at least I think I so ;) ). > > > > Any insight would be much appreciated. > > > > > > Cheers, > > > > Dirk > > > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for > building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free > account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > sqlmap-users mailing list > > sql...@li... <mailto: > sql...@li...> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > > > > > > -- > > Miroslav Stampar > > http://about.me/stamparm > > -- Miroslav Stampar http://about.me/stamparm |
