Hello, I came across a bug while using sqlmap with -l parameter. I have burp log file with following content (only one request to https port):
====================================================== 12:40:22 https://www.xxx.cz:443 [81.91.80.92] ====================================================== GET /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 HTTP/1.1 Host: www.xxx.cz User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101 Firefox/15.0.1 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Referer: https://www.xxx.cz/ Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003 Cache-Control: max-age=0 ====================================================== Then I start sqlmap this way: ./sqlmap.py -l /root/burp.log --batch --threads=10 --scope=www.xxx.cz And sqlmap instead of sending request to https (443) port it will use http (80) port instead: --------------------------------------------------------- [13:21:55] [INFO] using regular expression 'www.xxx.cz' for filtering targets [13:21:55] [INFO] sqlmap parsed 1 testable requests from the targets list [13:21:55] [INFO] url 1: GET http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120 Cookie: __utma=148540003.1998141124.1349164485.1349423437.1349599213.20; __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); theme_cookie=life; e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0; __utmc=148540003 do you want to test this url? [Y/n/q] > Y [snip] --------------------------------------------------------- Could you please fix this? Regards Karel Marhoul ------------------------------------------------------------------------------ Don't let slow site performance ruin your business. Deploy New Relic APM Deploy New Relic app performance management and know exactly what is happening inside your Ruby, Python, PHP, Java, and .NET app Try New Relic at no cost today and get our sweet Data Nerd shirt too! http://p.sf.net/sfu/newrelic-dev2dev _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
