Monday, 12 September 2011

Using sqlmap for testing HTTPS sites

Update: By default, sqlmap supports SSL. Somehow it didn't work for my friend, so I tried the --proxy option to find an alternate way.

Last week, one of my friends asked me how to use sqlmap against HTTPS sites. I had never tried that, but was sure that there would be a way to do it. I quickly checked the sqlmap documentation and came across the --proxy switch.

Somehow my friend didn't manage to get sqlmap working with the --proxy switch, so I decided to try it out myself.

The first thing I did was to read the sqlmap documentation about the --proxy switch.


It's pretty straightforward to use the --proxy switch. You just need to provide the proxy details as http://<proxy IP>:<port>. I used Burp to test this.

The target site was running on 192.168.20.129. It has a search page which was vulnerable to SQL injection, and that page used the POST method.


To run sqlmap, I used the following command:
./sqlmap.py -u "https://192.168.20.128/1/index.jsp" --data "word=test" --proxy "http://127.0.0.1:8080"

where -u is the target URL, --data is the POST data and --proxy is the Burp proxy details.

Let's run it.


It works and sqlmap detected the back-end database as MySQL 5.0.

Hope you will find this useful.
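
When a run through --proxy fails with a timeout, it helps to first confirm that the proxy itself is listening and accepts a tunnel request, since an HTTP client normally reaches an HTTPS URL through an HTTP proxy by sending CONNECT. The following is an added example, not part of the original post or of sqlmap; check_proxy_tunnel and start_stub_proxy are hypothetical helper names, and the stub proxy is a constructed stand-in so the check can be exercised offline.

```python
import socket
import threading

def check_proxy_tunnel(proxy_host, proxy_port, target_host, target_port=443, timeout=5.0):
    """Ask an HTTP proxy for a CONNECT tunnel to the target; return a short verdict string."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError:
        return "proxy_unreachable"  # nothing listening at the --proxy address
    data = b""
    with sock:
        try:
            sock.sendall(f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
                         f"Host: {target_host}:{target_port}\r\n\r\n".encode("ascii"))
            while b"\r\n" not in data:  # read until the status line is complete
                chunk = sock.recv(4096)
                if not chunk:
                    break
                data += chunk
        except OSError:  # includes socket timeouts and connection resets
            return "no_response"
    if b"\r\n" not in data:
        return "no_response"
    status_line = data.split(b"\r\n", 1)[0].decode("latin-1")
    fields = status_line.split(" ", 2)
    if len(fields) >= 2 and fields[1] == "200":
        # An intercepting proxy may answer 200 before contacting the target,
        # so this confirms only the client-to-proxy leg.
        return "tunnel_ok"
    return "tunnel_refused: " + status_line

def start_stub_proxy(reply):
    """Constructed stand-in for a proxy: answers one request with `reply`; returns its port."""
    server = socket.socket()
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    port = server.getsockname()[1]
    def serve():
        conn, _ = server.accept()
        with conn, server:
            conn.recv(4096)      # consume the CONNECT request
            conn.sendall(reply)  # send the canned status line
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    # Proxy address and target host as used in the command above.
    print(check_proxy_tunnel("127.0.0.1", 8080, "192.168.20.128"))
```

A result of proxy_unreachable or no_response points at the proxy listener rather than at the target site.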

5 comments:

  1. When I tried the URL over SSL it showed the following error:
    [16:33:37] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request

    And the entire website was over HTTPS, so I ended up writing a script in Fiddler. I guess something is screwed up in my Windows. Here is the Fiddler script:
    static function OnBeforeRequest(oSession: Session) {
        // Rewrite the plain-HTTP request for the target page to HTTPS
        if (oSession.HostnameIs('www.demo.com')) {
            if (!oSession.isHTTPS) {
                if (oSession.fullUrl == "http://www.demo.com/vulpage.asp") {
                    oSession.fullUrl = "https://www.demo.com/vulpage.asp";
                }
            }
        }
    }
