Update: By default, sqlmap supports SSL. Somehow it didn't work for my friend, so I tried the --proxy option to find an alternate way.
Last week, one of my friends asked me how to use sqlmap against HTTPS sites. I had never tried that, but I was sure there would be a way to do it. I quickly checked the sqlmap documentation and came across the --proxy switch.
Somehow my friend didn't manage to get sqlmap working with the --proxy switch, so I decided to try it out myself.
The first thing I did was read the sqlmap documentation about the --proxy switch.
The --proxy switch is pretty straightforward to use. You just need to provide the proxy details as http://<proxy IP>:<port>. I used Burp to test this.
The target site was running on 192.168.20.129. It has a search page that was vulnerable to SQL injection, and that page uses the POST method.
To run sqlmap, I used the following command:
./sqlmap.py -u "https://192.168.20.128/1/index.jsp" --data "word=test" --proxy "http://127.0.0.1:8080"
where -u is the target URL, --data is the POST data and --proxy is the Burp proxy details.
Let's run it.
It works and sqlmap detected the back-end database as MySQL 5.0.
Hope you will find this useful.

When I tried the URL over SSL, it shows the following error:
[16:33:37] [CRITICAL] connection timed out to the target url or proxy, sqlmap is going to retry the request
And the entire website was over HTTPS, so I ended up writing a script in Fiddler. I guess something is screwed up in my Windows. Here is the Fiddler script:
static function OnBeforeRequest(oSession: Session) {
    // Rewrite the plain-HTTP request for the tested page to HTTPS
    if (oSession.HostnameIs('www.demo.com')) {
        if (!oSession.isHTTPS) {
            if (oSession.fullUrl == "http://www.demo.com/vulpage.asp") {
                oSession.fullUrl = "https://www.demo.com/vulpage.asp";
            }
        }
    }
}
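
The timeout quoted in the comment above says "the target url or proxy" without telling which hop failed. The following Python check is an added example (not code from the post or the commenter) that sends the same HTTP CONNECT request a client issues when tunnelling HTTPS through an HTTP proxy and reports how far it got; the function name and stage labels are assumptions made for this example.

```python
import socket

def check_connect(proxy_host, proxy_port, target_host, target_port=443, timeout=5.0):
    """Return (stage, detail) describing how far an HTTPS tunnel request gets."""
    try:
        sock = socket.create_connection((proxy_host, proxy_port), timeout=timeout)
    except OSError as exc:
        # Nothing is listening on the proxy address, or a firewall drops it.
        return ("proxy_unreachable", str(exc))
    with sock:
        request = (
            f"CONNECT {target_host}:{target_port} HTTP/1.1\r\n"
            f"Host: {target_host}:{target_port}\r\n\r\n"
        )
        try:
            sock.sendall(request.encode("ascii"))
            reply = b""
            # Read until the status line is complete.
            while b"\r\n" not in reply and len(reply) < 4096:
                chunk = sock.recv(1024)
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            return ("proxy_no_reply", "proxy accepted TCP but never answered CONNECT")
        except OSError as exc:
            return ("proxy_no_reply", str(exc))
    status_line = reply.split(b"\r\n", 1)[0].decode("latin-1")
    parts = status_line.split(" ", 2)
    if len(parts) >= 2 and parts[1] == "200":
        return ("connect_accepted", status_line)
    # Any other status means the proxy itself refused or failed the tunnel.
    return ("connect_refused", status_line or "empty reply")

if __name__ == "__main__":
    # Proxy address and target host as given in the post's command.
    print(check_connect("127.0.0.1", 8080, "192.168.20.128"))
```

An intercepting proxy may answer 200 before it contacts the target, so `connect_accepted` only rules out the proxy hop; a timeout after that points at the path between the proxy and the target.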