sqlmap-users

[sqlmap-users] How to avoid stoping the probes due to timeouts

[seth <xd...@gm...>]

There is a website which has some sort of (bad) web application firewall
that calls sleep() with a high value every time it detects an attack.
When running sqlmap agaist this website, it stops the probes after
finding a url that triggers this behavior.
Is there any way to tell sqlmap to treat a timeout as 'not vulnerable to
this technique'?

Re: [sqlmap-users] How to avoid stoping the probes due to timeouts

[Miroslav S. <mir...@gm...>]

Hi seth.

You can force usage of non-time based techniques by:
--technique=BEU

That will skip time/stacked injection tests.

Kind regards,
Miroslav Stampar

On Wed, Apr 18, 2012 at 4:12 AM, seth <xd...@gm...> wrote:

> There is a website which has some sort of (bad) web application firewall
> that calls sleep() with a high value every time it detects an attack.
> When running sqlmap agaist this website, it stops the probes after
> finding a url that triggers this behavior.
> Is there any way to tell sqlmap to treat a timeout as 'not vulnerable to
> this technique'?
>
>
> ------------------------------------------------------------------------------
> Better than sec? Nothing is better than sec when it comes to
> monitoring Big Data applications. Try Boundary one-second
> resolution app monitoring today. Free.
> http://p.sf.net/sfu/Boundary-dev2dev
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>



-- 
Miroslav Stampar
http://about.me/stamparm