Intercept Request using BurpSuite to use in SQLMap

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. BurpSuite is an automated web vulnerability scanner.


USING REQUEST TO FIND SQLI

  • Intercept the POST request using BurpSuite.
  • If the request is not POST, like if it is a GET request
  • Right-Click > Change request method. The method will be changed to POST as shown above.
  • After you intercepted the POST request. Save the request to a file. To do that, right-click > Copy to file. Choose a name and location to store the file. 
  • Fire up the terminal, and parse the file into SQLMap using -r switch.
    • Syntax: sqlmap -r <file_location> 
sqlmap -r post_req_file -p “name” --dbs --threads 5
  • The switches used in the above example are:
    • -r: Request File
    • -p: Parameters
    • --dbs: Enumerate Database
    • --thread: Number of threads to run.

You might also be interested in, 
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment