Hi Walter,
On Mon, Aug 17, 2009 at 18:34, Walter Stanish <wal...@sa...> wrote:
> ...
> - no automatic extraction of forms / ajax URLs (could detect common
> javascript framework ajax requests/URLs from linked .js sourcefiles)
sqlmap has no crawling/spidering functionality and I have no plans to
implement such.
However, you can surf the site via WebScarab or Burp, logging all
requests in a log file, then pass it to sqlmap with the -l command line
option.
> … There should be an option to ‘force testing of all parameters’ or
> ‘force testing of specific parameters’. (I had to hack the source to make
> checkDynParam ‘return True’ to fix this.)
Read the manual, also -h is enough for the list of options!
The option is -p. It skips the dynamicity test.
> - you could also add ‘Accept-lang:’ as a field to test, as some
> multilingual sites will be parsing this
I will refactor the detection phase in the mid term and perhaps
include this too.
Cheers,
--
Bernardo Damele A. G.
E-mail / Jabber: bernardo.damele (at) gmail.com
Mobile: +447788962949 (UK 07788962949)
PGP Key ID: 0x05F5A30F