Wednesday, December 18, 2013

SQLMap POST Request Injection


Injecting into POST data with SQLMap doesn't always work very well, specifically when you are dealing with session cookies and writing the SQLMap command line out by hand. I think that we've all experienced strange anomalies.

I've found something that makes the time-consuming work of copying session cookies out of Burp, trying to get SQLMap to inject into the correct parameter, and so on much easier.
First, we need Burp Suite loaded up and our point of injection (URI).

1. Browse to target site http://example_site.com/Login.asp
2. Configure Burp proxy, point browser to Burp (127.0.0.1:8080) with Burp set to intercept in the proxy tab.
3. Click on the submit button on the login form
4. Burp catches the POST request and waits
5. Copy the entire POST request to a text file. I have called it 'post.txt' and placed it in the /sqlmap/ directory.
(If you used vi to paste the POST request, make sure you remove the extra line spacing so that it looks the way it does in Burp.)
6. Run sqlmap as shown here (note that the 'tfUPass' parameter is only an example):
./sqlmap.py -r post.txt -p tfUPass
The '-r' option tells SQLMap to read the 'post.txt' file to get the information used to inject in the POST request, and '-p' is the parameter we are attacking. Basically, SQLMap parses through the POST request for you and pulls out all pertinent information, such as session cookies, URL, etc.
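
As an added illustration (not code from the original post and not SQLMap's own parser), this sketch shows what has to be recoverable from post.txt: the request line, the headers up to the first blank line, and the form body after it. It also shows why a paste with extra line spacing fails. The cookie, the tfUName field, all values and the http:// scheme are constructed assumptions.

```python
from urllib.parse import parse_qsl

# Constructed sample of a saved request. Host and tfUPass come from the post;
# the cookie, the tfUName field and all values are made up for illustration.
SAMPLE = (
    "POST /Login.asp HTTP/1.1\r\n"
    "Host: example_site.com\r\n"
    "Cookie: ASPSESSIONID=abc123; lang=en\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 28\r\n"
    "\r\n"
    "tfUName=alice&tfUPass=secret"
)

def parse_request(text):
    """Split a raw HTTP request into URL, cookies and POST parameters."""
    lines = text.replace("\r\n", "\n").split("\n")
    method, path, _version = lines[0].split(" ", 2)
    # Headers end at the first blank line; everything after it is the body.
    blank = lines.index("", 1) if "" in lines[1:] else len(lines)
    headers = {}
    for line in lines[1:blank]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if "host" not in headers:
        # A double-spaced paste ends the header block after the request line.
        raise ValueError("no Host header before the first blank line")
    body = "\n".join(lines[blank + 1:]).strip()
    cookies = dict(p.strip().split("=", 1)
                   for p in headers.get("cookie", "").split(";") if "=" in p)
    return {
        "method": method,
        "url": "http://" + headers["host"] + path,  # scheme is an assumption
        "cookies": cookies,
        "params": dict(parse_qsl(body, keep_blank_values=True)),
    }

def is_well_formed(text):
    """True if the file parses and carries a Host header."""
    try:
        parse_request(text)
        return True
    except ValueError:
        return False

if __name__ == "__main__":
    req = parse_request(SAMPLE)
    print(req["url"], req["cookies"], "tfUPass" in req["params"])
    print("double-spaced ok:", is_well_formed(SAMPLE.replace("\r\n", "\r\n\r\n")))
```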
