Thread: [sqlmap-users] proxy/non-proxy behavior is different
From: <li...@li...> - 2009-04-16 13:00:00

I'm currently conducting a pen-test where I am successfully able to enumerate data from a database using sqlmap (blind SQL injection). However, I've noticed that sqlmap acts differently using a proxy vs not using a proxy. My session cookies will work when not using the proxy in sqlmap. Using the proxy setting will not work (proxy through Burp Suite). When not using the proxy, sqlmap will use a GET request without the host:port information and just use the /url. When using a proxy, sqlmap will use http://hostname:port/url instead. Because of the differences, my session state will not work the same. Is there a way in sqlmap to have the proxy usage be the same as the non-proxy usage, so that I can use the session credentials obtained using Burp Suite?
From: Pragmatk <pra...@gm...> - 2009-04-16 14:05:23

li...@li... wrote:
> I'm currently conducting a pen-test where I am successfully able to
> enumerate data from a database using sqlmap (blind SQL injection).

Since you're pentesting web applications, and because you decided to read --help before posting, surely you know how an HTTP proxy works.

> My session cookies will work when not using the proxy in sqlmap.
> Using the proxy setting will not work (proxy through Burp Suite).
> When not using the proxy, sqlmap will use a GET request without the
> host:port information and just use the /url.

Based on the facts that you
1) Have read --help
and 2) Are pentesting web applications
and 3) (Based on (2)) Know how an HTTP proxy works

I conclude that you're inquiring about the possibility of having sqlmap go take a shit on the HTTP proxy protocol and break its built-in proxy support. What I fail to understand is what you're looking to gain by doing so.

--
Joe / "Pragmatk"
[ 6426 C563 2592 0BB8 5193 797E 1A09 9E97 323C 7837 ]
[ gpg --recv-keys --keyserver pgp.mit.edu 0x323C7837 ]
From: <li...@li...> - 2009-04-16 15:33:53

All I care about is getting sqlmap to funnel all requests through a proxy that I control to log the results (i.e. Burp). I was noting a difference between how sqlmap works in proxy vs non-proxy mode, to the point where obtained session tokens will not work. I am inquiring if there is a way to make sqlmap work differently, regardless of protocol. Session credentials are obtained using Firefox to Burp Suite. Running sqlmap through Burp using the same obtained session token does not work because sqlmap uses different requests than the obtained token.

On Thu, Apr 16, 2009 at 04:00:40PM +0100, Pragmatk wrote:
> li...@li... wrote:
> > I'm currently conducting a pen-test where I am successfully able to
> > enumerate data from a database using sqlmap (blind SQL injection).
> Since you're pentesting web applications, and because you decided to
> read --help before posting, surely you know how an HTTP proxy works.
>
> > My session cookies will work when not using the proxy in sqlmap.
> > Using the proxy setting will not work (proxy through Burp Suite).
> > When not using the proxy, sqlmap will use a GET request without the
> > host:port information and just use the /url.
> Based on the facts that you
> 1) Have read --help
> and 2) Are pentesting web applications
> and 3) (Based on (2)) Know how an HTTP proxy works
>
> I conclude that you're inquiring about the possibility of having sqlmap
> go take a shit on the HTTP proxy protocol and break its built-in proxy
> support. What I fail to understand is what you're looking to gain by
> doing so.
>
> --
> Joe / "Pragmatk"
From: Pragmatk <pra...@gm...> - 2009-04-16 15:39:25

li...@li... wrote:
> I was noting a difference between how sqlmap works in proxy
> vs non-proxy mode, to the point where obtained session tokens
> will not work. I am inquiring if there is a way to make
> sqlmap work differently, regardless of protocol.

The proxy feature works perfectly well. It is your proxy - or rather: your use of it - that is incorrect. That being said, I'm guessing Burp probably has some sort of feature capable of rewriting requests. If not, I suggest you write one.

> Session credentials are obtained using Firefox to Burp Suite.
> Running sqlmap through Burp using the same obtained session
> token does not work because sqlmap uses different requests
> than the obtained token.

Err, I lost you there. I thought your issue was sqlmap's http://host:port/requesturi requests that screwed your sessions? How are the session tokens passed? Are you supplying them correctly to sqlmap?

--
Joe / "Pragmatk"
From: <li...@li...> - 2009-04-16 15:53:10

Well, I can see this thread is going nowhere and reeks of sarcasm rather than a discussion of the differences found using sqlmap in proxy mode. The session tokens work fine when not using sqlmap in proxy mode.

On Thu, Apr 16, 2009 at 05:34:55PM +0100, Pragmatk wrote:
> li...@li... wrote:
> > I was noting a difference between how sqlmap works in proxy
> > vs non-proxy mode, to the point where obtained session tokens
> > will not work. I am inquiring if there is a way to make
> > sqlmap work differently, regardless of protocol.
> The proxy feature works perfectly well. It is your proxy - or rather:
> your use of it - that is incorrect. That being said, I'm guessing Burp
> probably has some sort of feature capable of rewriting requests. If not, I
> suggest you write one.
>
> > Session credentials are obtained using Firefox to Burp Suite.
> > Running sqlmap through Burp using the same obtained session
> > token does not work because sqlmap uses different requests
> > than the obtained token.
> Err, I lost you there. I thought your issue was sqlmap's
> http://host:port/requesturi requests that screwed your sessions? How are
> the session tokens passed? Are you supplying them correctly to sqlmap?
>
> --
> Joe / "Pragmatk"
From: Pragmatk <pra...@gm...> - 2009-04-16 16:27:01

li...@li... wrote:
> Well, I can see this thread is going nowhere and reeks of sarcasm
> rather than a discussion of the differences found using sqlmap in
> proxy mode.

While my first message was indeed sarcastic, the one previous to this one was 100% serious. The problem with using a "proxy" like Burp is that the GET http://endhost:endport/enduri HTTP/1.1 is required in order for the HTTP proxy to work. In most cases you would use the (in my opinion) superior SOCKS protocol, which allows raw traffic to be passed on in a much nicer way. Had sqlmap been using Burp as a SOCKS proxy, you would not have had your issue. I do not, however, see the problem in establishing the initial session in FF / Burp and modifying the requests to match those of sqlmap?

> The session tokens work fine when not using sqlmap in proxy mode.

Hmm, that could indicate that you'll have to send proper GETs. Consider using another logging tool than Burp or patching sqlmap's urllib objects to use a SOCKS proxy when establishing connections.

--
Joe / "Pragmatk"
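As an added illustration of the request-line difference Joe describes (this is example code, not sqlmap's own code and not from anyone in this thread): Python's urllib, which sqlmap is built on, switches from origin-form to absolute-form as soon as a proxy is set on the request, and a forwarding proxy converts it back before the origin server sees it. The URLs, the proxy address and the cookie value are constructed placeholders.

```python
"""Why the request line changes when a urllib-based client talks to an
HTTP proxy, and what a forwarding proxy does with it on the way out.
Added example, not sqlmap's code. Nothing here opens a network socket."""
from typing import Dict, Optional, Tuple
from urllib.parse import urlsplit
from urllib.request import Request


def request_line_for(url: str, proxy: Optional[str] = None) -> Tuple[str, str]:
    """Return (request_line, connect_host) that urllib would emit for url.

    Without a proxy the selector is origin-form ("GET /url?id=1").
    Request.set_proxy() for a plain http proxy replaces the selector with
    the full URL (absolute-form), which is what RFC 7230 section 5.3.2
    requires a client to send to an HTTP proxy; the TCP connection is then
    made to the proxy, not to the origin host.
    """
    req = Request(url)
    if proxy:
        req.set_proxy(proxy, "http")  # constructed proxy address, e.g. Burp
    return "GET {} HTTP/1.1".format(req.selector), req.host


def forward_to_origin(request_line: str,
                      headers: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Model what a compliant forwarding proxy does before sending upstream.

    An absolute-form request-target is reduced to origin-form and the
    authority taken from it overrides whatever Host header the client sent
    (RFC 7230 section 5.4). Every other header, including Cookie, passes
    through unchanged, so the origin server receives the same request
    whether or not a proxy sat in the middle.
    """
    method, target, version = request_line.split(" ", 2)
    out = dict(headers)
    if target.startswith("http://") or target.startswith("https://"):
        parts = urlsplit(target)
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        out["Host"] = parts.netloc
        target = path
    return "{} {} {}".format(method, target, version), out
```

If the session cookie is sent identically in both runs, the two code paths above converge on the same upstream request; comparing the proxy's log of what was actually forwarded against a direct capture is the quickest way to confirm whether the cookie header or the request-target is what differs.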