TBH, running tools like sqlmap (and metasploit for example) on windows where AV is very prevalent can become very tedious.
It may be worth your while to run Linux within a virtual machine to
perform these tasks. You don't have to worry about Windows getting in
the way of your productivity.

On Mon, Nov 21, 2011 at 10:00 PM, Bob Simonoff <b...@simonofffamily.com> wrote:
>
> Miroslav, thanks, that is exactly the problem. Unfortunately, when I
> download the latest version, svn exits on me when my virus checker
> complains about one of the exe files it determined was a virus. I will
> have to learn svn to see if I can have it download everything but that
> file.
>
> I am using burpsuite as a proxy. I guess I could copy/paste everything
> into a response file, but as Miroslav says, that would give the same
> result (but would be much easier). So thanks, I may have to play with
> that. Burpsuite unfortunately does have logging with the free version
> anymore.
>
> Thanks everyone else too. I will try those if I can not get the latest
> version working.
>
> Bob
>
>
> ----- Original Message -----
> From: Miroslav Stampar
> To: Brandon Perry
> Cc: sqlmap-users@lists.sourceforge.net
> Sent: Monday, November 21, 2011 4:20 PM
> Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on
> MSWindows
>
> Hi Brandon.
>
> It's a bit complicated. That %26 coincidentally decoded to the default
> delimiter value '&' so that probably caused problems in your case with
> sqlmap.
>
> Please update to the latest revision and try it again.
>
> Kind regards,
> Miroslav Stampar
>
> On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bperry.volat...@gmail.com>
> wrote:
>>
>> You may also grab a copy of the free edition of BurpSuite, record the
>> POST response, and save that to a file.
>>
>> Then use the -r flag and pass the burp response to sqlmap. Will be
>> easier to work with.
>>
>> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
>> <bperry.volat...@gmail.com> wrote:
>> > I would say just use a virtual machine. Grab a copy of backtrack,
>> > update sqlmap, and start from there.
>> >
>> > VirtualBox is a free, open source virtualization suite that runs on
>> > windows. You will have a much better time interacting with sqlmap.
>> >
>> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmail.com> wrote:
>> >> What is the fld?
>> >>
>> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com>
>> >> wrote:
>> >>>
>> >>> I have been asked to test a web site for SQL injection. The website
>> >>> uses POST and the parameter names all have the 3 characters %26
>> >>> (percent 26) as a separator. This makes things difficult, since I
>> >>> am running sqlmap from windows. First windows is trying to
>> >>> substitute %2 as the second argument of the command line, but
>> >>> python is also at play here. I have not found an escape sequence
>> >>> that allows both windows and python to be happy. I have tried
>> >>> various combinations of ^, \, and %% to no avail.
>> >>>
>> >>> So an example of post data would be:
>> >>> --data="fld%26First=Bob&fld%26Last=Jones"
>> >>>
>> >>> Can anyone provide a recommendation?
>> >>>
>> >>> Thanks
>> >>> Bob
>> >>>
>> >>> Apologies if this appears twice, I had trouble with my subscription
>> >>>
>> >>> ------------------------------------------------------------------------------
>> >>> All the data continuously generated in your IT infrastructure
>> >>> contains a definitive record of customers, application performance,
>> >>> security threats, fraudulent activity, and more. Splunk takes this
>> >>> data and makes sense of it. IT sense. And common sense.
>> >>> http://p.sf.net/sfu/splunk-novd2d
>> >>> _______________________________________________
>> >>> sqlmap-users mailing list
>> >>> sqlmap-users@lists.sourceforge.net
>> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> >>
>> >> --
>> >> Iago Sousa
>> >
>> > --
>> > http://volatile-minds.blogspot.com -- blog
>> > http://www.volatileminds.net -- website
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>
> --
> Miroslav Stampar
> http://about.me/stamparm

--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
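
The delimiter collision Miroslav describes in the quoted reply, as an added example that is not part of the original thread and is not sqlmap's code: URL-decoding a POST body before splitting on `&` breaks a parameter name that contains `%26`, while splitting on the raw delimiter first keeps it intact. The function names are hypothetical; the body is the sample from Bob's message.

```python
from urllib.parse import quote_plus, unquote_plus

# Sample body from the thread: the parameter names contain a literal "%26".
BODY = "fld%26First=Bob&fld%26Last=Jones"


def parse_decode_first(body, delimiter="&"):
    """Buggy order: decode the whole body, then split on the delimiter."""
    params = []
    for chunk in unquote_plus(body).split(delimiter):
        name, sep, value = chunk.partition("=")
        # A chunk without "=" becomes a name with no value at all.
        params.append((name, value if sep else None))
    return params


def parse_split_first(body, delimiter="&"):
    """Correct order: split on the raw delimiter, then decode each part."""
    params = []
    for chunk in body.split(delimiter):
        if not chunk:
            continue
        name, sep, value = chunk.partition("=")
        params.append((unquote_plus(name), unquote_plus(value) if sep else None))
    return params


def reencode(params, delimiter="&"):
    """Serialise parsed pairs, percent-encoding reserved characters again."""
    return delimiter.join(
        quote_plus(n) if v is None else f"{quote_plus(n)}={quote_plus(v)}"
        for n, v in params
    )


if __name__ == "__main__":
    # Decoding first turns two parameters into four, two of them valueless.
    print(parse_decode_first(BODY))
    # Splitting first preserves the names "fld&First" and "fld&Last".
    print(parse_split_first(BODY))
    # A lossless round trip shows the parsed form still matches the wire form.
    print(reencode(parse_split_first(BODY)) == BODY)
```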