Monday, 12 September 2011

Using sqlmap for testing HTTPS sites

Update: By default, sqlmap supports SSL. Somehow it didn't worked for my friend. So I tried with --proxy option to find alternate way.

Last week, one of my friends asked me how to use sqlmap against HTTPS sites? I never tried that one but was sure that there will be a way to do it. I quickly checked sqlmap documentation and came across --proxy switch.

Somehow my friend didn't managed to work sqlmap with --proxy switch, So i decided to try it out myself.

The first thing i did was to read sqlmap documentation about --proxy switch.

It's pretty straight to use --proxy switch. It just need to provide proxy details as http://<proxy IP>:<port>. I used burp to test this.

The target site was running on It has a search page which was vulnerable to SQL Injection and that page has used POST method.

To run sqlmap, i used following command:
./ -u "" --data "word=test" --proxy ""

where -u is target URL, --data is POST data and --proxy is burp proxy details.

Lets' run it.

It works and sqlmap detected the back-end database as MySQL 5.0.

Hope you will find this useful.


  1. When I tried the URL over SSL it shows following error:
    [16:33:37] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request

    And entire website was over HTTPS so ended up writing a script in fiddler. I guess something is screwed up in my windows. Here is the fiddler script:
    static function OnBeforeRequest(oSession: Session){
    if (oSession.HostnameIs('')){
    if(oSession.fullUrl == ""){
    oSession.fullUrl = ""

  2. This article is very informative and cool. Thanks for share this beautiful article.
    eMp3World UK proxy