Re: [sqlmap-users] Trouble with "json" like data
Brought to you by:
inquisb
Menu
▾
▴
Re: [sqlmap-users] Trouble with "json" like data
|
From: <Lou...@be...> - 2014-02-24 20:23:04
|
Thanks From: Brandon Perry [mailto:bpe...@gm...] Sent: Monday, February 24, 2014 3:12 PM To: Louis Nadeau Cc: <sql...@li...> Subject: Re: [sqlmap-users] Trouble with "json" like data Use an asterisk. Sent from a computer On Feb 24, 2014, at 1:29 PM, <Lou...@be...<mailto:Lou...@be...>> wrote: Hi, I saw a couple messages saying sqlmap should support json post data now. However, I’m having trouble with a pretty simple payload. I’m using the following request that I extracted from Burp and censored a bit : POST /SomeUrl/ HTTP/1.1 Host: www.SomeUrl.org.uk<http://org.uk> Proxy-Connection: keep-alive Content-Length: 28 Accept: application/json, text/javascript, */*; q=0.01 Origin: http://www. SomeUrl.org.uk<http://org.uk> X-Requested-With: XMLHttpRequest User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36 Content-Type: application/json; charset=UTF-8 Referer: http://www. SomeUrl.org.uk/<http://org.uk/> Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,fr-CA;q=0.6,fr;q=0.4 Cookie: SomeCookies Connection: close {'address':'peanut'} I tried using “sqlmap –r request” or “sqlmap –r request –p address” or with –p “peanut”. I also tried adding $$ before and after peanut and trying with –sufix and –prefix to no avail. I also tried a full command line without using the raw request like this (and multiple variant) : python sqlmap.py -u "http://www.someurl.co.uk" --data "{'address':'$peanut$'}" --cookie="somecookies" --prefix="$" --suffix="$" Whatever I’m doing, I’m ending up with a message like : [14:27:08] [INFO] target URL is stable [14:27:08] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'<http://www.site.com/index.php?id=1'>) Or [14:27:47] [INFO] parsing HTTP request from 'requestFromBurp' [14:27:47] [CRITICAL] all testable parameters you provided are not present within the given request data I tried sqlmap/1.0-dev out of Kali linux and also downloaded the nightlies with GIT. Can you help me ? Thanks Louis ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ sqlmap-users mailing list sql...@li...<mailto:sql...@li...> https://lists.sourceforge.net/lists/listinfo/sqlmap-users |
