Intercept Request using BurpSuite to use in SQLMap

SQLMap is an open-source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over database servers. BurpSuite is an automated web vulnerability scanner.


  • Intercept the POST request using BurpSuite.
  • If the request is not POST, like if it is a GET request
  • Right-Click > Change request method. The method will be changed to POST as shown above.
  • After you intercepted the POST request. Save the request to a file. To do that, right-click > Copy to file. Choose a name and location to store the file. 
  • Fire up the terminal, and parse the file into SQLMap using -r switch.
    • Syntax: sqlmap -r <file_location> 
sqlmap -r post_req_file -p “name” --dbs --threads 5
  • The switches used in the above example are:
    • -r: Request File
    • -p: Parameters
    • --dbs: Enumerate Database
    • --thread: Number of threads to run.

You might also be interested in, 
We hope this helps. If any suggestions or doubts you can add a comment and we will reply as soon as possible.

No comments:

Post a Comment