sqlmap-users

[sqlmap-users] testing json requests

[Travis A. <tra...@gm...>]

Does sqlmap support this?  I get errors when making the request.  Below is
my sample request.

===================================================

PUT /someFile HTTP/1.1

Host: 1.2.3.4:9000

User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
Firefox/24.0

Accept: */*

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/json; charset=UTF-8

X-Requested-With: XMLHttpRequest

Referer: something

Content-Length: 397

Cookie: blah

Connection: keep-alive



{"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}

Re: [sqlmap-users] testing json requests

[Brandon P. <bpe...@gm...>]

What are the errors? Do you need --force-ssl?

Sent from a computer

> On Dec 3, 2013, at 8:29, Travis Altman <tra...@gm...> wrote:
> 
> Does sqlmap support this?  I get errors when making the request.  Below is my sample request.
> 
> ===================================================
> PUT /someFile HTTP/1.1
> 
> Host: 1.2.3.4:9000
> 
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0
> 
> Accept: */*
> 
> Accept-Language: en-US,en;q=0.5
> 
> Accept-Encoding: gzip, deflate
> 
> Content-Type: application/json; charset=UTF-8
> 
> X-Requested-With: XMLHttpRequest
> 
> Referer: something
> 
> Content-Length: 397
> 
> Cookie: blah
> 
> Connection: keep-alive
> 
>  
> 
> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
> 
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT 
> organizations don't have a clear picture of how application performance 
> affects their revenue. With AppDynamics, you get 100% visibility into your 
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Re: [sqlmap-users] testing json requests

[Miroslav S. <mir...@gm...>]

Yes, sqlmap should support it out of the box with option -r.

Most probably your formatting went bad while copy pasting but be sure that
there are not extra new lines between headers.

Bye


On Tue, Dec 3, 2013 at 3:29 PM, Travis Altman <tra...@gm...>wrote:

> Does sqlmap support this?  I get errors when making the request.  Below is
> my sample request.
>
> ===================================================
>
> PUT /someFile HTTP/1.1
>
> Host: 1.2.3.4:9000
>
> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
> Firefox/24.0
>
> Accept: */*
>
> Accept-Language: en-US,en;q=0.5
>
> Accept-Encoding: gzip, deflate
>
> Content-Type: application/json; charset=UTF-8
>
> X-Requested-With: XMLHttpRequest
>
> Referer: something
>
> Content-Length: 397
>
> Cookie: blah
>
> Connection: keep-alive
>
>
>
>
> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
>
>
> ------------------------------------------------------------------------------
> Rapidly troubleshoot problems before they affect your business. Most IT
> organizations don't have a clear picture of how application performance
> affects their revenue. With AppDynamics, you get 100% visibility into your
> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
> Pro!
> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>


-- 
Miroslav Stampar
http://about.me/stamparm

Re: [sqlmap-users] testing json requests

[Jacob K. <pro...@gm...>]

Awesome, with -r it works like a charm.

Thanks for being so responsive



On Tue, Dec 3, 2013 at 9:37 AM, Miroslav Stampar <mir...@gm...
> wrote:

> Yes, sqlmap should support it out of the box with option -r.
>
> Most probably your formatting went bad while copy pasting but be sure that
> there are not extra new lines between headers.
>
> Bye
>
>
> On Tue, Dec 3, 2013 at 3:29 PM, Travis Altman <tra...@gm...>wrote:
>
>> Does sqlmap support this?  I get errors when making the request.  Below
>> is my sample request.
>>
>> ===================================================
>>
>> PUT /someFile HTTP/1.1
>>
>> Host: 1.2.3.4:9000
>>
>> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
>> Firefox/24.0
>>
>> Accept: */*
>>
>> Accept-Language: en-US,en;q=0.5
>>
>> Accept-Encoding: gzip, deflate
>>
>> Content-Type: application/json; charset=UTF-8
>>
>> X-Requested-With: XMLHttpRequest
>>
>> Referer: something
>>
>> Content-Length: 397
>>
>> Cookie: blah
>>
>> Connection: keep-alive
>>
>>
>>
>>
>> {"blah":{"name":"somevar","solutionId":1000,"BindingField":[{"id":"90","name":"fleet","tag":"Mas","tagVal":"Mas"},{"id":"100","name":"manufacturer","tag":"monkey","tagVal":"monkey"},{"id":"110","name":"model","tag":"Cam","tagVal":"Cam"},{"id":"120","name":"style","tag":"LE","tagVal":"LE"},{"id":"50","name":"vin","tag":"1","tagVal":"1"}],"id":"1000"}}
>>
>>
>> ------------------------------------------------------------------------------
>> Rapidly troubleshoot problems before they affect your business. Most IT
>> organizations don't have a clear picture of how application performance
>> affects their revenue. With AppDynamics, you get 100% visibility into your
>> Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics
>> Pro!
>>
>> http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk
>> _______________________________________________
>> sqlmap-users mailing list
>> sql...@li...
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>