Hi Miroslav,

thx for your prompt answer.

On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> Hi Dirk.
>  
> Could you please get the latest revision and retry it again?
ed5599f: almost the same: with cookie in the header sqlmap takes only this one.
The slight difference seems to be that in the case where I didn't supply a cookie
sqlmap doesn't use any cookie at all, i.e. now not the one from the server anymore.
>  
> There was a situation where info messages have been wrongly written that 
> original response contained Set-Cookie in situations like yours.
>  
> In case that everything stays as it is, I'll need to ask you to provide more 
> details. For example, cookie file would be great.

sure, here you go:

--snip
# Netscape HTTP Cookie File
<FQDN>  \t  FALSE  \t  <path>  \t  TRUE  \t  0  \t  JSESSIONID  \t  <Cookie>
[..]
--snap

They are all session cookies. For easier reading here I put some blanks in the line
above, in "cookie-file" there aren't any though. Cookies were generated with
stompy and a shell script (looks the same as with
wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> <URL>)

Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-)

>  
> Also, please make sure that the cookie file contains proper cookie(s) - 
> domain name should be the same as a domain of target, cookie needs to have a 
> proper valid time, etc.

see above.

Cheers,

Dirk

>
>
> On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <s...@drwetter.org> wrote:
>
>     Hi Miroslav,
>
>     yes unfortunately.
>
>     If I omit the cookie line in the request header completely, sqlmap
>     seems to take the first cookie issued by the server with set-cookie (and
>     puts it silently in).
>
>     Cheers,
>
>     Dirk
>
>
>
>     On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
>     > Hi.
>     >
>     > And this is also happening if you are skipping "Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
>     >
>     > Kind regards,
>     > Miroslav Stampar
>     >
>     >
>     > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <s...@drwetter.org> wrote:
>     >
>     >
>     >     Hi folks,
>     >
>     >     .... that doesn't work for me. It always uses the cookie supplied
>     >     (below in $REQUEST, or if I omit the line in $REQUEST the one
>     >     from the 1st server reply is being used)
>     >
>     >     So what is wrong in here:
>     >
>     >     cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
>     >     ./sqlmap.py --ignore-proxy --force-ssl --beep \
>     >       --threads=8 -v 6 --load-cookies=$WD/cookie-file \
>     >       --level=2 --risk=2 -r $REQUEST
>     >
>     >     The content of the file $REQUEST is:
>     >
>     >     POST <URL> HTTP/1.1
>     >     Host: <HOST>
>     >     User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.2.149.6 Safari/525.13
>     >     Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>     >     Accept-Language: en-US,en;q=0.5
>     >     Accept-Encoding: gzip, deflate
>     >     Referer: <Referer>
>     >     Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
>     >     Connection: keep-alive
>     >     Content-Type: application/x-www-form-urlencoded
>     >     Content-Length: 67
>     >
>     >     <abunchofpostparams>
>     >
>     >
>     >     No hints that cookie-file is not in correct format (I've been through this,
>     >     at least I think so ;) ).
>     >
>     >     Any insight would be much appreciated.
>     >
>     >
>     >     Cheers,
>     >
>     >     Dirk
>     >
>     >
>     >     
> ------------------------------------------------------------------------------
>     >     Precog is a next-generation analytics platform capable of advanced
>     >     analytics on semi-structured data. The platform includes APIs for 
> building
>     >     apps and a phenomenal toolset for data science. Developers can use
>     >     our toolset for easy data analysis & visualization. Get a free 
> account!
>     >     http://www2.precog.com/precogplatform/slashdotnewsletter
>     >     _______________________________________________
>     >     sqlmap-users mailing list
>     >     sqlmap-users@lists.sourceforge.net
>     >     https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>     >
>     >
>     >
>     >
>     > --
>     > Miroslav Stampar
>     > http://about.me/stamparm
>
>
>
>
> -- 
> Miroslav Stampar
> http://about.me/stamparm
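
The two checks Miroslav asks for (cookie domain equals the target, valid expiry time), applied to a cookie file laid out like the one Dirk posted. This is an added example, not part of the thread and not sqlmap's own code; the host names and cookie values are constructed, and reading the file with Python's standard `http.cookiejar` loader is an assumption made for illustration.

```python
import http.cookiejar
import os
import tempfile
import time

# Constructed sample in the layout shown in the thread (tab-separated, expiry 0).
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    "app.example.test\tFALSE\t/\tTRUE\t0\tJSESSIONID\tCONSTRUCTEDVALUE1\n"
    "other.example.test\tFALSE\t/\tTRUE\t4102444800\tJSESSIONID\tCONSTRUCTEDVALUE2\n"
)

def audit(text, target_host, now=None):
    """Return (name, domain, [problems]) for every cookie line in text."""
    now = time.time() if now is None else now
    report = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue  # header, comments and blank lines
        fields = line.split("\t")
        if len(fields) != 7:
            report.append((None, None, ["expected 7 tab-separated fields"]))
            continue
        domain, _sub, _path, _secure, expires, name, _value = fields
        problems = []
        bare = domain.lstrip(".")
        host_ok = target_host == bare or (
            domain.startswith(".") and target_host.endswith("." + bare))
        if not host_ok:
            problems.append("domain does not match target")
        if expires.isdigit() and int(expires) <= now:
            problems.append("expiry %s is in the past" % expires)
        report.append((name, domain, problems))
    return report

def stdlib_load_counts(text):
    """Count the cookies http.cookiejar keeps with default and lenient flags."""
    fd, path = tempfile.mkstemp(suffix=".txt")
    try:
        with os.fdopen(fd, "w") as handle:
            handle.write(text)
        strict = http.cookiejar.MozillaCookieJar()
        strict.load(path)  # default flags: expired cookies are skipped silently
        lenient = http.cookiejar.MozillaCookieJar()
        lenient.load(path, ignore_discard=True, ignore_expires=True)
        return len(strict), len(lenient)
    finally:
        os.remove(path)
```

With the standard-library loader's default flags, a line whose expiry field is `0` is treated as expired and dropped without an error, so a file can load cleanly and still contribute no cookie.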

