Login required before SQLmap
geek_ji
I have a multipart form data where I am suspecting one of the multipart form fields (parameter named htmlbevt_id), to be vulnerable to SQLi. To test for the same I captured the request using Burp and saved it in a file, say myFile. Now on SQLMap I ran the following command:
sqlmap -r /root/Desktop/myFile -p htmlbevt_id
I get the following error message:
unable to connect to the target URL or proxy. sqlmap is going to retry the request
Am I missing something?
Am I required to login to the application before I run the above query? If so, how do I make SQL recognize the login? I mean is it that I need to login to the application from the browser and then run the above query (in which case I am not certain how exactly would SQLMap get to know that I am already logged into the application), or is there a different way to do this ?
I found a part of my answer through some research:
So basically i needed to tweak my sqlmap query to also include --cookie "all the semicolon separated cookies here". But even this does not seem to work in my case. I still get the same error message as above. I realized that the URL request I was making through myFIle was actually a POST request. So through some further googling I learned that I also needed to include --method=POST. However, the SQLmap that comes bundled with Kali is a new version and hence --method has beed deprecated in this version of SQLmap. Moreover I am not really sure that this would even solve the problem (the error).
Need help understanding where am I going wrong and what needs to be done.
Thanks in advance.
geek_ji
Martin Walter
Suraj Pratap
--
_______________________________________________________________________________
null - Spreading the right Information
null Mailing list charter: http://null.co.in/section/about/null_list_charter/
---
You received this message because you are subscribed to the Google Groups "null" group.
To unsubscribe from this group and stop receiving emails from it, send an email to null-co-in+...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Akash
Warm regards,
Akash Mahajan
That Web Application Security Guy | +91 99 805 271 82
akashm.com | @makash on twitter | linkd.in/webappsecguy
OWASP Bangalore Chapter Lead | null Community Manager
Yodha S
Use the existing -r and append a * agaijst the parameter name you are trying to attack. Wjenever sqlmap identifies a * it starts attacking there
Vasavi B P
renthoughts
If you just do "sqlmap -r /root/Desktop/myFile -p htmlbevt_id", sqlmap will not use a proxy configured at the browser, but it may use a proxy configured at the system level. [For instance in windows, IE and Chrome uses the inetcpl.cpl window for it's proxy options while Firefox browser has it's own confirmation]
So
1. do you have a proxy set at the system that is shutdown?
2. Is your authentication ticket or cookie has reached its timeout or has it expired? [because the time you saved the request while you are authenticated may be way early (say 5 mins back or 20 mins back) than the time you are trying to use that captured request with sqlmap]
My suggestion for you would be to use the [ --ignore-proxy Ignore system default HTTP proxy] to see if you are able to able to connect to the website first via sqlmap. Let us talk about authentication issues later.
Use the [--proxy=PROXY Use a HTTP proxy to connect to the target URL] to see what requests sqlmap is making to the website.
If it'd help, you can also refer to my video titled 'Using Sqlmap for login protected sites and JSON data' on vimeo - http://vimeo.com/96799028