Nevertheless, with the latest commit that check should be "neutralized"
now. Could you please retry it now?
Kind regards,
Miroslav Stampar
On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:
> Hi Dirk.
>
> Well, I would say that you have an expired cookie. Do you see that value
> 0? That value should be a valid UNIX time representing time of cookie
> expiration. Also, I've just tested that cookie of yours and sqlmap says:
> "[WARNING] cookie '....' has expired"
>
> Kind regards,
> Miroslav Stampar
>
>
> On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <s...@drwetter.org> wrote:
>
>>
>> Hi Miroslav,
>>
>> thx for your prompt answer.
>>
>> On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
>> > Hi Dirk.
>> >
>> > Could you please get the latest revision and retry it again?
>> ed5599f: almost the same: with cookie in the header sqlmap takes only
>> this one.
>> The slight difference seems to be that in the case where I didn't supply
>> a cookie
>> sqlmap doesn't use any cookie at all, i.e. now not the one from the
>> server anymore.
>> >
>> > There was a situation where info messages have been wrongly written
>> that original response contained Set-Cookie in situations like yours.
>> >
>> > In case that everything stays as it is, I'll need to ask you to provide
>> more details. For example, cookie file would be great.
>>
>> sure, here you go:
>>
>> --snip
>> # Netscape HTTP Cookie File
>> <FQDN> \t FALSE \t <path> \t TRUE \t 0 \t JSESSIONID \t
>> <Cookie>
>> [..]
>> --snap
>>
>> They are all session cookies. For easier reading here I put some blanks
>> in the line
>> above, in "cookie-file" there aren't any though. Cookies were generated
>> with
>> stompy and a shell script (looks he same as with
>> wget -S -O /dev/null --keep-session-cookies --save-cookies=<file> <URL>)
>>
>> Again: sqlmap doesn't hiccup/complain while eating my cookies file ;-)
>>
>> >
>> > Also, please make sure that the cookie file contains proper cookie(s) -
>> domain name should be the same as a domain of target, cookie needs to have
>> a proper valid time, etc.
>>
>> see above.
>>
>> Cheers,
>>
>> Dirk
>>
>> >
>> >
>> > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <s...@drwetter.org<mailto:
>> s...@drwetter.org>> wrote:
>> >
>> > Hi Miroslav,
>> >
>> > yes unfortunately.
>> >
>> > If I omit the cookie line in the request header completely, sqlmap
>> > seems to take the first cookie issued by the server with set-cookie
>> (and
>> > put's it silently in).
>> >
>> > Cheers,
>> >
>> > Dirk
>> >
>> >
>> >
>> > On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
>> > > Hi.
>> > >
>> > > And this is also happening if you are skipping "Cookie:
>> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
>> > >
>> > > Kind regards,
>> > > Miroslav Stampar
>> > >
>> > >
>> > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter
>> > <s...@drwetter.org<mailto:
>> s...@drwetter.org> <mailto:s...@drwetter.org <mailto:s...@drwetter.org>>>
>> wrote:
>> > >
>> > >
>> > > Hi folks,
>> > >
>> > > .... that doesn't work for me. It always uses the cookie
>> supplied
>> > > (below in $REQUEST, or if I omit the line in $REQUEST the one
>> > > from the 1st server reply is being used)
>> > >
>> > > So what is wrong in here:
>> > >
>> > > cd ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
>> > > ./sqlmap.py --ignore-proxy --force-ssl --beep \
>> > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \
>> > > --level=2 --risk=2 -r $REQUEST
>> > >
>> > > The content of the file $REQUEST is:
>> > >
>> > > POST <URL> HTTP/1.1
>> > > Host: <HOST>
>> > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US)
>> AppleWebKit/525.13 (KHTML, like Gecko)
>> > > Chrome/0.2.149.6 <http://0.2.149.6> <http://0.2.149.6>
>> Safari/525.13
>> > > Accept:
>> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
>> > > Accept-Language: en-US,en;q=0.5
>> > > Accept-Encoding: gzip, deflate
>> > > Referer: <Referer>
>> > > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
>> > > Connection: keep-alive
>> > > Content-Type: application/x-www-form-urlencoded
>> > > Content-Length: 67
>> > >
>> > > <abunchofpostparams>
>> > >
>> > >
>> > > No hints that cookie-file is not in correct format (I've been
>> through this,
>> > > at least I think I so ;) ).
>> > >
>> > > Any insight would be much appreciated.
>> > >
>> > >
>> > > Cheers,
>> > >
>> > > Dirk
>> > >
>> > >
>> > >
>> ------------------------------------------------------------------------------
>> > > Precog is a next-generation analytics platform capable of
>> advanced
>> > > analytics on semi-structured data. The platform includes APIs
>> for building
>> > > apps and a phenomenal toolset for data science. Developers
>> can use
>> > > our toolset for easy data analysis & visualization. Get a
>> free account!
>> > > http://www2.precog.com/precogplatform/slashdotnewsletter
>> > > _______________________________________________
>> > > sqlmap-users mailing list
>> > > sqlmap-users@lists.sourceforge.net <mailto:
>> sqlmap-users@lists.sourceforge.net> <mailto:
>> sqlmap-users@lists.sourceforge.net <mailto:
>> sqlmap-users@lists.sourceforge.net>>
>> > > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>> > >
>> > >
>> > >
>> > >
>> > > --
>> > > Miroslav Stampar
>> > > http://about.me/stamparm
>> >
>> >
>> >
>> >
>> > --
>> > Miroslav Stampar
>> > http://about.me/stamparm
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
