Get yourself the Burp proxy
(http://portswigger.net/burp/downloadfree.html), configure sqlmap to use
the proxy (via the '--proxy' parameter) and check the requests that
passed through the proxy.
Cheers
Dennis
On 08.05.2012 12:45, Lukas Rist wrote:
> Hi Bernardo,
>
> On Tue, May 8, 2012 at 12:3
Hi.
The decision is based on the technique used:
A) boolean - similar response on A=A, non-similar response on A<>B
B) error - used test query string has to be inside the response (e.g. A:1:B)
C) union - same as B
D) stacked - delay on A=A, no delay on A<>B
E) time-based - same as D
False positives ar
Hi Bernardo,
On Tue, May 8, 2012 at 12:39 PM, Bernardo Damele A. G.
wrote:
> Increase verbosity to 3, read the output, it says the payload used
> when detection phase finishes and injections are identified and
> generally speaking, read the user's manual.
I'm actually more interested in those in
Increase verbosity to 3, read the output, it says the payload used
when detection phase finishes and injections are identified and
generally speaking, read the user's manual.
Bernardo
On 8 May 2012 12:37, Lukas Rist wrote:
> Hello,
>
> Is there a possibility to get the pattern sqlmap has used to
Hello,
Is there a possibility to get the pattern sqlmap has used to determine
the injection (i.e. error based) success?
I want to get some insight how sqlmap decides if a parameter is
vulnerable or not.
Thanks,
Lukas
--
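
The per-technique decision rules listed in the reply above (A to E), applied to recorded responses, as an added example that is not part of the thread and is not sqlmap's code. The similarity threshold, delay value, field names and sample responses are assumptions constructed for illustration, and the boolean rule is read here as similarity to the unmodified page.

```python
import difflib

# Assumed values for this illustration, not sqlmap's actual settings.
SIMILARITY_MIN = 0.95   # cutoff for calling two response bodies "similar"
DELAY_SECONDS = 5.0     # delay the timing test asks the database for

# Constructed response bodies.
PAGE = "<html><body><h1>Product 42</h1><p>Blue widget, in stock.</p></body></html>"
EMPTY = "<html><body><h1>No results</h1></body></html>"


def similar(a, b):
    """True when two response bodies are close enough to count as the same page."""
    return difflib.SequenceMatcher(None, a, b).ratio() >= SIMILARITY_MIN


def decide(technique, obs):
    """Apply the thread's rule for one technique to one recorded observation."""
    if technique == "boolean":
        # A=A must look like the original page, A<>B must not.
        return (similar(obs["original"], obs["true_body"])
                and not similar(obs["original"], obs["false_body"]))
    if technique in ("error", "union"):
        # The test query string (e.g. A:1:B) has to be inside the response.
        return obs["marker"] in obs["body"]
    if technique in ("stacked", "time-based"):
        # Delay on A=A, no delay on A<>B; a uniformly slow server fails this.
        return (obs["true_secs"] >= DELAY_SECONDS
                and obs["false_secs"] < DELAY_SECONDS)
    raise ValueError("unknown technique: " + technique)


# Constructed observations: (technique, recorded data, note).
SAMPLES = [
    ("boolean", {"original": PAGE, "true_body": PAGE, "false_body": EMPTY},
     "page changes only on the false condition"),
    ("boolean", {"original": PAGE, "true_body": PAGE, "false_body": PAGE},
     "parameter has no effect on the page"),
    ("error", {"marker": "A:1:B", "body": "Duplicate entry 'A:1:B' for key 1"},
     "marker echoed in an error message"),
    ("union", {"marker": "A:1:B", "body": PAGE}, "marker absent"),
    ("time-based", {"true_secs": 5.2, "false_secs": 0.3}, "delay follows the condition"),
    ("stacked", {"true_secs": 5.4, "false_secs": 5.1}, "server is slow either way"),
]

if __name__ == "__main__":
    for technique, obs, note in SAMPLES:
        print(f"{technique:<11} {str(decide(technique, obs)):<6} {note}")
```
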