Re: [sqlmap-users] signing requests before sending them

Fri, 25 Jan 2013 06:14:16 -0800 

Well, an example of a valid request to the server looks something like this:
http://myserver.com/createUser.xml?name=Bob&phone=0789123456&password=qwerty&sig=3cd7a0db76ff9dca48979e24c39b408c
with name, phone, password being regular parameters and sig being the hash of the params value, or in other words: 
sig = md5(bob:phone:qwerty:secretkey)
The server first checks the sig parameter and reject the request if it does not match its own calculation.
I have a python script to compute the sig value using the secret key so I just would like to access any sqlmap request before it is actually send in order to append the sig parameter and its value, i.e. "&sig=3cd7a0db76ff9dca48979e24c39b408c".
My question is whether that can be done with the --eval switch or if that requires me to go into the source code of sqlmap and add this functionality 

Thanks a lot for your help.
Regards,
Boris

On 24/01/13 18:17, Miroslav Stampar wrote:


Hi.

Could you please give more information?

Kind regards,
Miroslav Stampar
Dana 24.1.2013. 18:56 "Boris Chazalet" <boris.chaza...@orange.com <mailto:boris.chaza...@orange.com>> je napisao/la: 

    Hi,

    I need to sign the requests with a secret key before sending it to the
    server for them to be accepted. More precisely, I need to hash the
    different request parameters together with a secret key and to add
    that
    hash as an extra parameter in the final URL.

    Is that something that can be done with the --eval switch or do I need
    to modify the source code?

    Regards,
    Boris



    
------------------------------------------------------------------------------
    Master Visual Studio, SharePoint, SQL, ASP.NET <http://ASP.NET>,
    C# 2012, HTML5, CSS,
    MVC, Windows 8 Apps, JavaScript and much more. Keep your skills
    current
    with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
    MVPs and experts. ON SALE this month only -- learn more at:
    http://p.sf.net/sfu/learnnow-d2d
    _______________________________________________
    sqlmap-users mailing list
    sqlmap-users@lists.sourceforge.net
    <mailto:sqlmap-users@lists.sourceforge.net>
    https://lists.sourceforge.net/lists/listinfo/sqlmap-users




------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users

Reply via email to