Hi Miroslav, yes unfortunately.
If I omit the cookie line in the request header completely, sqlmap seems to take the first cookie issued by the server with set-cookie (and put's it silently in). Cheers, Dirk On 04/12/2013 03:24 PM, Miroslav Stampar wrote: > Hi. > > And this is also happening if you are skipping "Cookie: > JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request? > > Kind regards, > Miroslav Stampar > > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <s...@drwetter.org > <mailto:s...@drwetter.org>> wrote: > > > Hi folks, > > .... that doesn't work for me. It always uses the cookie supplied > (below in $REQUEST, or if I omit the line in $REQUEST the one > from the 1st server reply is being used) > > So what is wrong in here: > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce > ./sqlmap.py --ignore-proxy --force-ssl --beep \ > --threads=8 -v 6 --load-cookies=$WD/cookie-file \ > --level=2 --risk=2 -r $REQUEST > > The content of the file $REQUEST is: > > POST <URL> HTTP/1.1 > Host: <HOST> > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) > AppleWebKit/525.13 (KHTML, like Gecko) > Chrome/0.2.149.6 <http://0.2.149.6> Safari/525.13 > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > Accept-Language: en-US,en;q=0.5 > Accept-Encoding: gzip, deflate > Referer: <Referer> > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7 > Connection: keep-alive > Content-Type: application/x-www-form-urlencoded > Content-Length: 67 > > <abunchofpostparams> > > > No hints that cookie-file is not in correct format (I've been through > this, > at least I think I so ;) ). > > Any insight would be much appreciated. > > > Cheers, > > Dirk > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > <mailto:sqlmap-users@lists.sourceforge.net> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > Miroslav Stampar > http://about.me/stamparm ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
