Hi,
Pass sqlmap requests through a HTTP proxy like Burp
(www.portswigger.net/suite/) with --proxy http://127.0.0.1:8080 option
and use Burp Match&Replace functionality if possible otherwise hack
into sqlmap lib/core/request.py code.
Cheers,
Bernardo
On Sat, Sep 4, 2010 at 15:35, Richard Miles
<ric...@go...> wrote:
> Hi bernardo,
>
> I'm testing a app and the site is protected by a IPS, so I have to use
> comments /**/ to bypass it, I have to use comments instead of spaces.
>
> So, when I run SQLmap it fails because the IPS drop the connection
>
> [08:14:49] [INFO] testing unescaped numeric injection on GET parameter 'id'
> [08:14:50] [WARNING] unable to connect to the target url or proxy,
> sqlmap is going to retry the request
> [08:14:51] [WARNING] unable to connect to the target url or proxy,
> sqlmap is going to retry the request
> [08:14:53] [WARNING] unable to connect to the target url or proxy,
> sqlmap is going to retry the request
> [08:14:54] [ERROR] unable to connect to the target url or proxy
>
> [*] shutting down at: 08:14:54
>
> There is a simples to way to tell SQLmap to replace all spaces on the
> queries with comments? I tried --prefix and --postfix, but it doesn't
> appear to be why they are used for.
>
> If there is no easy way, can you please me what file / line I should
> replace on the SQLmap source to replace all spaces with comments?
>
> Thanks and congratulations for the nice tool.
>
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F
|
