Thread: [sqlmap-users] Rate of attack with top level --level and --risk
From: Chris O. <chr...@gm...> - 2011-01-12 11:40:32
Hi there,

With --level=5 and --risk=3 enabled, what kind of traffic does sqlmap send, say, per hour? I meant to look at this through a proxy but if anyone has a rough figure without me setting that up it'd be appreciated.

Chris
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-12 11:45:17
Chris,

It varies a lot. It depends whether or not the target URL is over the Internet, the machine is responsive, there's no lag, etc. It also depends on the parameter vulnerabilities. Say it's a simple injection, sqlmap will spot it easily and quickly with a very small number of requests. The number of requests the new detection engine does is dynamic; it varies according to the results it gets from the requests/responses/delays received up until a certain moment.

I recommend you run it once with default level and risk values and -v 3 and once with level and risk increased to maximum to get an idea.

Bernardo

--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
From: Chris O. <chr...@gm...> - 2011-01-12 12:01:04
Thanks for that Bernardo. I understand that it's dynamic, but would it be in the realms of possibility for (over the Internet to a responsive machine) > 200,000 requests to be made by sqlmap over an 8 hour period? This would be testing multiple POST and cookie values and lots of blind testing. This apparently happened to a server recently, but I didn't run sqlmap through a proxy. I'm trying to narrow down which tool was responsible so that I can slow things down in the future.

Chris.
From: Bernardo D. A. G. <ber...@gm...> - 2011-01-12 12:03:07
If the target was not vulnerable to any SQL injection, you provided --level 5 and --risk 3 together and there were a lot of GET/POST/Cookie parameters, then yes, potentially thousands of requests. I can calculate it for you if you assert the above and give me the exact number of parameters.

Bernardo
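Chris's question is really a server-side one: which client produced the request burst. The script below is an added example, not code from the thread or from sqlmap; it parses combined-format access log lines (the layout is an assumption), buckets requests per client and hour, and flags clients whose busiest hour exceeds a rate threshold. The 200,000 requests in 8 hours mentioned above is 25,000 per hour; the constructed sample uses a threshold of 20 so it stays small.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Apache/nginx "combined" log format; the regex is an assumption about the log layout.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return (ip, user-agent, hour bucket) for one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), m.group("ua"), ts.replace(minute=0, second=0, microsecond=0)

def hourly_counts(lines):
    """Map (ip, user-agent) -> Counter of requests per hour bucket."""
    counts = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            ip, ua, hour = rec
            counts[(ip, ua)][hour] += 1
    return counts

def flag_high_rate_clients(lines, per_hour):
    """Return [(ip, ua, peak_hour_count)] for clients whose busiest hour exceeds per_hour."""
    flagged = []
    for (ip, ua), buckets in hourly_counts(lines).items():
        peak = max(buckets.values())
        if peak > per_hour:
            flagged.append((ip, ua, peak))
    return sorted(flagged, key=lambda t: t[2], reverse=True)

# Constructed sample log (not real traffic): one noisy client hammering a single
# parameter within one hour, and one ordinary client with a few requests.
def _line(ip, t, ua, value):
    return f'{ip} - - [12/Jan/2011:{t} +0000] "GET /item.php?id={value} HTTP/1.1" 200 512 "-" "{ua}"'

SAMPLE_LOG = [_line("198.51.100.7", f"10:{i:02d}:00", "scanner-ua (constructed)", i) for i in range(30)]
SAMPLE_LOG += [_line("203.0.113.9", f"10:{i * 20:02d}:05", "Mozilla/5.0 (constructed)", 1) for i in range(3)]

if __name__ == "__main__":
    # Production threshold for the figure in the thread would be 25_000 (200,000 / 8 h).
    for ip, ua, peak in flag_high_rate_clients(SAMPLE_LOG, per_hour=20):
        print(f"{ip} {ua!r}: {peak} requests in busiest hour")
```

Splitting on (IP, User-Agent) keeps a scanner separate from legitimate traffic behind the same NAT, and the peak-hour figure is what you compare against Bernardo's "potentially thousands of requests" when deciding whether a sqlmap run is the likely source.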