Webscarab can save output for. 

Also, you can try ZAP from OWASP.

On Nov 21, 2011, at 11:00 PM, Bob Simonoff wrote:

>  
> Miroslav, thanks, that is exactly the problem.  Unfortunately, when I 
> download the latest version, svn exits on me when my virus checker complains 
> about one of the exe files it determined was a virus.  I will have to learn 
> svn to see if I can have it download everything but that file.
>  
> I am using burpsuite as a proxy.  I guess I could copy/paste everything into 
> a response file, but as Miroslav says, that would give the same result (but 
> would be much easier). So thanks, I may have to play with that.  Burpsuite 
> unfortunately does have logging with the free version anymore.
>  
> Thanks everyone else too.  I will try those if I can not get the latest 
> version working.
>  
> Bob
>  
> ----- Original Message -----
> From: Miroslav Stampar
> To: Brandon Perry
> Cc: sqlmap-users@lists.sourceforge.net
> Sent: Monday, November 21, 2011 4:20 PM
> Subject: Re: [sqlmap-users] %26 as part of a POST parameter name on MSWindows
> 
> Hi Brandon.
> 
> It's a bit complicated. That %26 coincidentally decoded to the default 
> delimiter value '&' so that probably caused problems in your case with sqlmap.
> 
> Please update to the latest revision and try it again.
> 
> Kind regards,
> Miroslav Stampar
> 
> On Mon, Nov 21, 2011 at 8:45 PM, Brandon Perry <bperry.volat...@gmail.com> 
> wrote:
> You may also grab a copy of the free edition of BurpSuite, record the
> POST response, and save that to a file.
> 
> Then use the -r flag and pass the burp response to sqlmap. Will be
> easier to work with.
> 
> On Mon, Nov 21, 2011 at 1:44 PM, Brandon Perry
> <bperry.volat...@gmail.com> wrote:
> > I would say just use a virtual machine. Grab a copy of backtrack,
> > update sqlmap, and start from there.
> >
> > VirtualBox is a free, open source virtualization suite that runs on
> > windows. You will have a much better time interacting with sqlmap.
> >
> > On Mon, Nov 21, 2011 at 1:39 PM, Iago Sousa <146050...@gmail.com> wrote:
> >> What is the fld?
> >>
> >> On Mon, Nov 21, 2011 at 10:30 AM, Bob Simonoff <b...@simonofffamily.com>
> >> wrote:
> >>>
> >>> I have been asked to test a web site for SQL injection.  The website uses
> >>> POST and the parameter names all have the 3 characters %26 (percent 26) as a
> >>> separator. This makes things difficult, since I am running sqlmap from
> >>> windows.  First windows is trying to substitute %2 as the second argument of
> >>> the command line, but python is also at play here.  I have not found an
> >>> escape sequence that allows both windows and python to be happy. I have
> >>> tried various combinations of ^, \, and %% to no avail.
> >>>
> >>> So an example of post data would be:
> >>> --data="fld%26First=Bob&fld%26Last=Jones"
> >>>
> >>> Can anyone provide a recommendation?
> >>>
> >>> Thanks
> >>> Bob
> >>>
> >>> Apologies if this appears twice, I had trouble with my subscription
> >>>
> >>> ------------------------------------------------------------------------------
> >>> All the data continuously generated in your IT infrastructure
> >>> contains a definitive record of customers, application performance,
> >>> security threats, fraudulent activity, and more. Splunk takes this
> >>> data and makes sense of it. IT sense. And common sense.
> >>> http://p.sf.net/sfu/splunk-novd2d
> >>> _______________________________________________
> >>> sqlmap-users mailing list
> >>> sqlmap-users@lists.sourceforge.net
> >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> >>>
> >>
> >>
> >>
> >> --
> >> Iago Sousa
> >>
> >>
> >>
> >>
> >
> >
> >
> > --
> > http://volatile-minds.blogspot.com -- blog
> > http://www.volatileminds.net -- website
> >
> 
> 
> 
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
> 
> 
> 
> 
> -- 
> Miroslav Stampar
> http://about.me/stamparm
> 
> 


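The parsing problem discussed in this thread (a `%26` in a parameter name decoding to the default `&` delimiter) comes down to the order of decoding and splitting. The following is an added example, not code from sqlmap or from anyone in the thread; the function names are hypothetical and the body string is the one quoted in the original question.

```python
from urllib.parse import unquote_plus, parse_qsl

# POST body quoted in the thread: parameter names contain an encoded '&' (%26).
BODY = "fld%26First=Bob&fld%26Last=Jones"


def split_after_decoding(body, delimiter="&"):
    """Wrong order: decode the whole body, then split on the delimiter.

    The encoded '&' inside each name becomes a real delimiter, so one
    parameter is torn into a value-less fragment plus a renamed parameter.
    """
    decoded = unquote_plus(body)
    pairs = []
    for chunk in decoded.split(delimiter):
        name, _, value = chunk.partition("=")
        pairs.append((name, value))
    return pairs


def split_before_decoding(body, delimiter="&"):
    """Right order: split the raw body first, then decode each name and value."""
    pairs = []
    for chunk in body.split(delimiter):
        if not chunk:
            continue  # tolerate "a=1&&b=2" and trailing delimiters
        name, _, value = chunk.partition("=")
        pairs.append((unquote_plus(name), unquote_plus(value)))
    return pairs


def stdlib_pairs(body):
    """Reference result from the standard library, which also splits first."""
    return parse_qsl(body, keep_blank_values=True)


def names_hiding_delimiter(body, delimiter="&"):
    """Names whose decoded form contains the delimiter; these are the ones
    that break any tool or filter that decodes before it splits."""
    return [n for n, _ in split_before_decoding(body, delimiter) if delimiter in n]


if __name__ == "__main__":
    print("decode then split:", split_after_decoding(BODY))
    print("split then decode:", split_before_decoding(BODY))
    print("stdlib parse_qsl :", stdlib_pairs(BODY))
    print("names to watch   :", names_hiding_delimiter(BODY))
```
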