Hello,

When using sqlmap with the forms option, it does not send the cookies
or headers specified on the command line. I'd like sqlmap to connect
to the specified URL using the cookie(s) I specify and then process
the forms on the response. Is there some way to do this, or does it
require grabbing the response manually, or code changes to sqlmap?

Here is my sqlmap version:

URL: https://svn.sqlmap.org/sqlmap/trunk/sqlmap
Repository Root: https://svn.sqlmap.org/sqlmap
Repository UUID: 7eb2e9d7-d917-0410-b3c8-b11144ad09fb
Revision: 4687
Node Kind: directory
Schedule: normal
Last Changed Author: stamparm
Last Changed Rev: 4687
Last Changed Date: 2012-01-16 21:28:21 +1100 (Mon, 16 Jan 2012)

Here is the request with --forms:

# sqlmap.py -u "http://<removed>/<removed>.php" --cookie="PHPSESSID=<removed>; username=<removed>" -v 6 --forms

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
<snip>
[09:30:50] [DEBUG] cleaning up configuration parameters
[09:30:50] [DEBUG] setting the HTTP timeout
[09:30:50] [DEBUG] setting the HTTP Cookie header
[09:30:50] [DEBUG] setting the HTTP method to GET
[09:30:50] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
[09:30:50] [DEBUG] creating HTTP requests opener object
[09:30:50] [INFO] testing connection to the target url
[09:30:50] [TRAFFIC OUT] HTTP request [#1]:
GET /vote.php HTTP/1.1
Accept-Encoding: identity
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: s14513-20grcmuy.roma.coliseumlab.net
Accept-language: en-us,en;q=0.5
Pragma: no-cache
Cache-control: no-cache,no-store
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Connection: close


Here is the request without --forms:

# sqlmap.py -u "http://<removed>/<removed>.php" --cookie="PHPSESSID=<removed>; username=<removed>" -v 6

    sqlmap/1.0-dev - automatic SQL injection and database takeover tool
<snip>
[09:31:20] [DEBUG] cleaning up configuration parameters
[09:31:20] [DEBUG] setting the HTTP timeout
[09:31:20] [DEBUG] setting the HTTP Cookie header
[09:31:20] [DEBUG] setting the HTTP method to GET
[09:31:20] [DEBUG] setting the HTTP proxy to pass by all HTTP requests
[09:31:20] [DEBUG] creating HTTP requests opener object
[09:31:20] [ERROR] [*] EH: start()
[09:31:20] [ERROR] [*] EH: conf.url and not any conf.forms...
[09:31:20] [INFO] using '/root/checkout/sqlmap-gitsvn/output/s14513-20grcmuy.roma.coliseumlab.net/session' as session file
[09:31:20] [INFO] testing connection to the target url
[09:31:20] [TRAFFIC OUT] HTTP request [#1]:
GET /vote.php HTTP/1.1
Accept-Encoding: identity
Accept-language: en-us,en;q=0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
User-agent: sqlmap/1.0-dev (http://www.sqlmap.org)
Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7
Host: s14513-20grcmuy.roma.coliseumlab.net
Cookie: PHPSESSID=l82mfmirthmukct3kp7sj3gji2; username=MzAx
Pragma: no-cache
Cache-control: no-cache,no-store
Connection: close

Thanks,
Abu

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
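
An added example, not part of the original post and not sqlmap's own code: a small parser for the "[TRAFFIC OUT] HTTP request" blocks printed at -v 6 that reports which request headers one run sent and the other did not, which is the comparison made by eye in the message above. The sample logs are constructed (placeholder host and cookie values), and the function names are hypothetical.

```python
import re

# Constructed samples in the layout of sqlmap's -v 6 traffic output; host and
# cookie values are placeholders, not the values from the post.
WITH_FORMS = """\
[09:30:50] [INFO] testing connection to the target url
[09:30:50] [TRAFFIC OUT] HTTP request [#1]:
GET /vote.php HTTP/1.1
Host: target.example
Connection: close

"""
WITHOUT_FORMS = """\
[09:31:20] [INFO] testing connection to the target url
[09:31:20] [TRAFFIC OUT] HTTP request [#1]:
GET /vote.php HTTP/1.1
User-agent: sqlmap/1.0-dev (http://www.sqlmap.org)
Host: target.example
Cookie: PHPSESSID=placeholder; username=placeholder
Connection: close

"""

LOG_LINE = re.compile(r"^\[\d{2}:\d{2}:\d{2}\] \[[A-Z ]+\]")
REQUEST_START = re.compile(r"^\[\d{2}:\d{2}:\d{2}\] \[TRAFFIC OUT\] HTTP request \[#(\d+)\]:")
REQUEST_LINE = re.compile(r"^[A-Z]+ \S+ HTTP/\d")

def parse_requests(log_text):
    """Return {request number: {lowercased header name: value}}."""
    requests, current = {}, None
    for line in log_text.splitlines():
        start = REQUEST_START.match(line)
        if start:
            current = requests.setdefault(int(start.group(1)), {})
        elif current is not None:
            if not line.strip() or LOG_LINE.match(line):
                current = None  # blank line or next log entry ends the headers
            elif ":" in line and not REQUEST_LINE.match(line):
                name, _, value = line.partition(":")
                current[name.strip().lower()] = value.strip()
    return requests

def missing_headers(reference_log, tested_log, number=1):
    """Header names sent in the reference run but absent from the tested run."""
    reference = parse_requests(reference_log).get(number, {})
    tested = parse_requests(tested_log).get(number, {})
    return sorted(set(reference) - set(tested))

if __name__ == "__main__":
    print(missing_headers(WITHOUT_FORMS, WITH_FORMS))
```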
