Hey,

burp acts as you suspected. Here's an example of https://google.de
logged from a burp pro v1.4.12:

======================================================
11:05:56  https://www.google.de:443  [173.194.35.184]
======================================================
GET / HTTP/1.1
Host: www.google.de
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0) Gecko/20100101
Firefox/15.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: de-de,de;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Cookie: xxx
Pragma: no-cache
Cache-Control: no-cache


======================================================

The same goes for burp's "Copy to File" feature. I usually use the
--force-ssl flag to circumvent this.

Cheers,
Dennis


Am 09.10.2012 10:49, schrieb Miroslav Stampar:
> Hi again.
>
> It's a preamble, but the request itself is down below. We process
> requests, not preambles. As we need to support generic LOG files, we
> are "hunting" for requests itself.
>
> If somebody could confirm that Burp really strips any HTTPS "tips"
> from the requests and just puts those in preambles (like in your
> case), I'll gladly do the "patching".
>
> Kind regards,
> Miroslav Stampar
>
> On Tue, Oct 9, 2012 at 10:44 AM, Karel Marhoul <rezorci...@seznam.cz
> <mailto:rezorci...@seznam.cz>> wrote:
>
>     Hello Miroslav, there is a mention of port 443 in the request
>     "preamble", see:
>
>     >     ======================================================
>     >     12:40:22 https://www.xxx.cz:443  [81.91.80.92]
>     >     ======================================================
>
>     That specific request came from HTTPS page and landed toward HTTP,
>     I'm sure of that.
>
>     I suggest sqlmap log parser should first look at the port in the
>     request preamble and then send the request to this port - is that
>     possible to implement?
>
>     Regards
>
>     Karel
>
>     On 9.10.2012 10:30, Miroslav Stampar wrote:
>
>         Hi Karel.
>
>         Strictly speaking there is no bug here. If you take a look
>         carefully
>         into the HTTP request inside you'll see that there is no
>         mention of
>         either HTTPS nor 443 inside the request itself. It seems like the
>         request came from the https page (referer header), but landed
>         toward the
>         HTTP land.
>
>         I would suggest you to just try to append the :443 to the Host
>         header
>         value (Host: www.xxx.cz <http://www.xxx.cz>
>         <http://www.xxx.cz> -> Host: www.xxx.cz:443
>         <http://www.xxx.cz:443>
>         <http://www.xxx.cz:443>)
>
>         Kind regards,
>         Miroslav Stampar
>
>         On Sun, Oct 7, 2012 at 1:37 PM, Karel Marhoul
>         <rezorci...@seznam.cz <mailto:rezorci...@seznam.cz>
>         <mailto:rezorci...@seznam.cz <mailto:rezorci...@seznam.cz>>>
>         wrote:
>
>             Hello, I came across a bug while using sqlmap with -l
>         parameter. I have
>             burp log file with following content (only one request to
>         https port):
>
>             ======================================================
>             12:40:22 https://www.xxx.cz:443  [81.91.80.92]
>             ======================================================
>             GET
>            
>         
> /index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>             HTTP/1.1
>             Host: www.xxx.cz <http://www.xxx.cz> <http://www.xxx.cz>
>             User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:15.0)
>         Gecko/20100101
>             Firefox/15.0.1
>             Accept: image/png,image/*;q=0.8,*/*;q=0.5
>             Accept-Language: en-us,en;q=0.5
>             Accept-Encoding: gzip, deflate
>             Connection: keep-alive
>             Referer: https://www.xxx.cz/
>             Cookie:
>         __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
>            
>         
> __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>             theme_cookie=life;
>             e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
>             __utmc=148540003
>             Cache-Control: max-age=0
>
>             ======================================================
>
>             Then I start sqlmap this way:
>
>             ./sqlmap.py -l /root/burp.log --batch --threads=10
>             --scope=www.xxx.cz <http://www.xxx.cz> <http://www.xxx.cz>
>
>             And sqlmap instead of sending request to https (443) port
>         it will use
>             http (80) port instead:
>
>             ---------------------------------------------------------
>             [13:21:55] [INFO] using regular expression 'www.xxx.cz
>         <http://www.xxx.cz>
>             <http://www.xxx.cz>' for filtering
>             targets
>             [13:21:55] [INFO] sqlmap parsed 1 testable requests from
>         the targets
>             list
>             [13:21:55] [INFO] url 1:
>             GET
>            
>         
> http://www.xxx.cz:80/index.php?option=com_thumber&view=thumb&format=image&path=images/cups/web-xxx-klub_ikona-spion.jpg&newX=160&newY=120
>             Cookie:
>         __utma=148540003.1998141124.1349164485.1349423437.1349599213.20;
>            
>         
> __utmz=148540003.1349164485.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);
>             theme_cookie=life;
>             e6da1f1e61cfd387eff8fb211613796e=3c29965kggoo45p49dhrs1npq0;
>             __utmc=148540003
>             do you want to test this url? [Y/n/q]
>               > Y
>             [snip]
>             ---------------------------------------------------------
>
>             Could you please fix this?
>
>             Regards
>
>             Karel Marhoul
>
>            
>         
> ------------------------------------------------------------------------------
>             Don't let slow site performance ruin your business. Deploy
>         New Relic APM
>             Deploy New Relic app performance management and know exactly
>             what is happening inside your Ruby, Python, PHP, Java, and
>         .NET app
>             Try New Relic at no cost today and get our sweet Data Nerd
>         shirt too!
>             http://p.sf.net/sfu/newrelic-dev2dev
>             _______________________________________________
>             sqlmap-users mailing list
>             sqlmap-users@lists.sourceforge.net
>         <mailto:sqlmap-users@lists.sourceforge.net>
>             <mailto:sqlmap-users@lists.sourceforge.net
>         <mailto:sqlmap-users@lists.sourceforge.net>>
>             https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
>
>
>         --
>         Miroslav Stampar
>         http://about.me/stamparm
>
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm
>
>
> ------------------------------------------------------------------------------
> Don't let slow site performance ruin your business. Deploy New Relic APM
> Deploy New Relic app performance management and know exactly
> what is happening inside your Ruby, Python, PHP, Java, and .NET app
> Try New Relic at no cost today and get our sweet Data Nerd shirt too!
> http://p.sf.net/sfu/newrelic-dev2dev
>
>
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users

------------------------------------------------------------------------------
Don't let slow site performance ruin your business. Deploy New Relic APM
Deploy New Relic app performance management and know exactly
what is happening inside your Ruby, Python, PHP, Java, and .NET app
Try New Relic at no cost today and get our sweet Data Nerd shirt too!
http://p.sf.net/sfu/newrelic-dev2dev
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to