Re: [sqlmap-users] --load-cookies
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] --load-cookies
|
From: Miroslav S. <mir...@gm...> - 2013-04-13 23:14:47
|
Nevertheless, with the latest commit that check should be "neutralized" now. Could you please retry it now? Kind regards, Miroslav Stampar On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar < mir...@gm...> wrote: > Hi Dirk. > > Well, I would say that you have an expired cookie. Do you see that value > 0? That value should be a valid UNIX time representing time of cookie > expiration. Also, I've just tested that cookie of yours and sqlmap says: > "[WARNING] cookie '....' has expired" > > Kind regards, > Miroslav Stampar > > > On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <sp...@dr...> wrote: > >> >> Hi Miroslav, >> >> thx for your prompt answer. >> >> On 04/12/2013 07:45 PM, Miroslav Stampar wrote: >> > Hi Dirk. >> > >> > Could you please get the latest revision and retry it again? >> ed5599f: almost the same: with cookie in the header sqlmap takes only >> this one. >> The slight difference seems to be that in the case where I didn't supply >> a cookie >> sqlmap doesn't use any cookie at all, i.e. now not the one from the >> server anymore. >> > >> > There was a situation where info messages have been wrongly written >> that original response contained Set-Cookie in situations like yours. >> > >> > In case that everything stays as it is, I'll need to ask you to provide >> more details. For example, cookie file would be great. >> >> sure, here you go: >> >> --snip >> # Netscape HTTP Cookie File >> <FQDN> \t FALSE \t <path> \t TRUE \t 0 \t JSESSIONID \t >> <Cookie> >> [..] >> --snap >> >> They are all session cookies. For easier reading here I put some blanks >> in the line >> above, in "cookie-file" there aren't any though. Cookies were generated >> with >> stompy and a shell script (looks he same as with >> wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> <URL>) >> >> Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-) >> >> > >> > Also, please make sure that the cookie file contains proper cookie(s) - >> domain name should be the same as a domain of target, cookie needs to have >> a proper valid time, etc. >> >> see above. >> >> Cheers, >> >> Dirk >> >> > >> > >> > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <sp...@dr...<mailto: >> sp...@dr...>> wrote: >> > >> > Hi Miroslav, >> > >> > yes unfortunately. >> > >> > If I omit the cookie line in the request header completely, sqlmap >> > seems to take the first cookie issued by the server with set-cookie >> (and >> > put's it silently in). >> > >> > Cheers, >> > >> > Dirk >> > >> > >> > >> > On 04/12/2013 03:24 PM, Miroslav Stampar wrote: >> > > Hi. >> > > >> > > And this is also happening if you are skipping "Cookie: >> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request? >> > > >> > > Kind regards, >> > > Miroslav Stampar >> > > >> > > >> > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <sp...@dr...<mailto: >> sp...@dr...> <mailto:sp...@dr... <mailto:sp...@dr...>>> >> wrote: >> > > >> > > >> > > Hi folks, >> > > >> > > .... that doesn't work for me. It always uses the cookie >> supplied >> > > (below in $REQUEST, or if I omit the line in $REQUEST the one >> > > from the 1st server reply is being used) >> > > >> > > So what is wrong in here: >> > > >> > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce >> > > ./sqlmap.py --ignore-proxy --force-ssl --beep \ >> > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \ >> > > --level=2 --risk=2 -r $REQUEST >> > > >> > > The content of the file $REQUEST is: >> > > >> > > POST <URL> HTTP/1.1 >> > > Host: <HOST> >> > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) >> AppleWebKit/525.13 (KHTML, like Gecko) >> > > Chrome/0.2.149.6 <http://0.2.149.6> <http://0.2.149.6> >> Safari/525.13 >> > > Accept: >> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 >> > > Accept-Language: en-US,en;q=0.5 >> > > Accept-Encoding: gzip, deflate >> > > Referer: <Referer> >> > > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7 >> > > Connection: keep-alive >> > > Content-Type: application/x-www-form-urlencoded >> > > Content-Length: 67 >> > > >> > > <abunchofpostparams> >> > > >> > > >> > > No hints that cookie-file is not in correct format (I've been >> through this, >> > > at least I think I so ;) ). >> > > >> > > Any insight would be much appreciated. >> > > >> > > >> > > Cheers, >> > > >> > > Dirk >> > > >> > > >> > > >> ------------------------------------------------------------------------------ >> > > Precog is a next-generation analytics platform capable of >> advanced >> > > analytics on semi-structured data. The platform includes APIs >> for building >> > > apps and a phenomenal toolset for data science. Developers >> can use >> > > our toolset for easy data analysis & visualization. Get a >> free account! >> > > http://www2.precog.com/precogplatform/slashdotnewsletter >> > > _______________________________________________ >> > > sqlmap-users mailing list >> > > sql...@li... <mailto: >> sql...@li...> <mailto: >> sql...@li... <mailto: >> sql...@li...>> >> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> > > >> > > >> > > >> > > >> > > -- >> > > Miroslav Stampar >> > > http://about.me/stamparm >> > >> > >> > >> > >> > -- >> > Miroslav Stampar >> > http://about.me/stamparm >> >> > > > -- > Miroslav Stampar > http://about.me/stamparm > -- Miroslav Stampar http://about.me/stamparm |
