sqlmap-users

[sqlmap-users] --keep-alive

[Miroslav S. <mir...@gm...>]

Hi.

Currently as a part of development process we've added support for
Keep-alive sessions (using "slightly adjusted version" of Keepalive
module from Michael D. Stenner's urlgrabber project -
http://linux.duke.edu/urlgrabber/), which by first results gave great
results (in some cases up to 2.5x times faster scanning, particularly
in multi threading mode).

Right now that option is hidden behind --keep-alive switch (not
visible in help menu) and we would like you to test it thoroughly
before we turn it on as a default part of sqlmap. We just want to be
sure that everything works as expected (only a bit faster :).

Also, in case that you are doing a session behind a proxy (explicitly
by --proxy or implicitly by a system set one) keep alive is
automatically turned off because, as result of Bernardo's research:
"Use Keep-Alive (persistent HTTP connection) only if a proxy is not
set - http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html".

So, please checkout sqlmap's latest version from it's repository and
please report any "inconveniences" you find.

Kind regards.

-- 
Miroslav Stampar

E-mail / Jabber: miroslav.stampar (at) gmail.com
Mobile: +385921010204 (HR 0921010204)
PGP Key ID: 0xB5397B1B

Re: [sqlmap-users] --keep-alive

[Kasper F. <th...@ma...>]

This is a great feature, thanks for giving a try on it!

I have tested it on two pages. One is pretty fast, other is pretty slow. 
I have used threads and batchmode.

My results:
It seems to receive invalid responses now and then. SQLmap reports that 
"the target url responded with an unknown HTTP status code..." and that 
I should try to set the user agent. Sqlmap goes down. Running the 
program once again, and the program might get through the same point 
just fine.
What is worse: it actually sometimes fetches wrong results. I have tried 
fetching a long line (30 chars) out of a database, seeing that it looked 
weird I deleted the last line in the session file and tried again - this 
time some chars where not the same! This is bad! I did this multiple 
times and some characters were different nearly each time.

Other then that it really speeds up the fetching. I hope this will get 
to be a default feature once!

/Kasper

On 11-06-2010 10:28, Miroslav Stampar wrote:
> Hi.
>
> Currently as a part of development process we've added support for
> Keep-alive sessions (using "slightly adjusted version" of Keepalive
> module from Michael D. Stenner's urlgrabber project -
> http://linux.duke.edu/urlgrabber/), which by first results gave great
> results (in some cases up to 2.5x times faster scanning, particularly
> in multi threading mode).
>
> Right now that option is hidden behind --keep-alive switch (not
> visible in help menu) and we would like you to test it thoroughly
> before we turn it on as a default part of sqlmap. We just want to be
> sure that everything works as expected (only a bit faster :).
>
> Also, in case that you are doing a session behind a proxy (explicitly
> by --proxy or implicitly by a system set one) keep alive is
> automatically turned off because, as result of Bernardo's research:
> "Use Keep-Alive (persistent HTTP connection) only if a proxy is not
> set - http://www.w3.org/Protocols/rfc2616/rfc2616-sec8.html".
>
> So, please checkout sqlmap's latest version from it's repository and
> please report any "inconveniences" you find.
>
> Kind regards.
>
>