hi Andres. with the latest r4366 commit there is a new switch implemented '--randomize' by your request.
example of usage: -u "www.site.com/vuln.php?id=1&id2=2&id3=3" --randomize=id2 it will automatically randomize parameter value for id2 in further requests regarding it's "template type" integer values inside will be replaced by random integer values in every further request, lower char value will be replaced by random lower char value, upper char... this is the simplest solution for preventing "template" of the original parameter value e.g. "asas...@fawa.com" could be replaced with "orvr...@wyog.com" or e.g. "1234#aaaa!DKWE" could be replaced with "4823#dsjs!KVEW" kind regards 2011/8/20 Andres Tarascó Acuña <atara...@gmail.com>: > hi there! > > I would like to suggest a feature that I think many of you will find it > useful. The idea is to allow sqlmap or an sqlmap tamper script to create > random data on each request, against targeted parameters, to bypass unique > key restrictions. afaik there is no way to achieve this with latest > release. > > For example, a registration form, can trigger an sql injection that can only > be exploited when some previous checks are bypassed, like some parameters > being inserted into the database. Under these scenario, each request must > contain unique data on some parameters to be able to attack the backend. > > Several "random data" generator could be supported, like > integers,alphanumeric , and emails strings. > Example: > ./sqlmap.py -u http://host/register.php > --data="login=a...@a.com&pass=f00&lang=en" -p lang --random-email=login > Its just an idea :) > btw, without using the -p flag to target an specific parameter, is there any > way to tell sqlmap to avoid testing a parameter? > > Thanks, > > Andres > > ------------------------------------------------------------------------------ > Get a FREE DOWNLOAD! and learn more about uberSVN rich system, > user administration capabilities and model configuration. Take > the hassle out of deploying and managing Subversion and the > tools developers use with it. http://p.sf.net/sfu/wandisco-d2d-2 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > -- Miroslav Stampar http://about.me/stamparm ------------------------------------------------------------------------------ EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
