Hi Dirk.
Now that crash should be "patched".
Could you please retry it now and say if the latest revision suits your
needs?
Kind regards,
Miroslav Stampar
On Mon, Apr 15, 2013 at 11:36 AM, Dirk Wetter <s...@drwetter.org> wrote:
>
>
> On 04/14/2013 01:14 AM, Miroslav Stampar wrote:
> > Nevertheless, with the latest commit that check should be "neutralized"
> now. Could you please retry it now?
>
> thx, Miroslav. I tried (b6fee63) but this time the cookie parser lib
> hiccups, using the same file:
>
> /usr/lib64/python2.7/_MozillaCookieJar.py:109: UserWarning: cookielib bug!
> Traceback (most recent call last):
> File "/usr/lib64/python2.7/_MozillaCookieJar.py", line 82, in
> _really_load
> assert domain_specified == initial_dot
> AssertionError
>
> _warn_unhandled_exception()
> [11:13:26] [CRITICAL] there was a problem loading cookies file ('invalid
> Netscape format cookies file '/tmp/sqlmapcj-pbP7P1':
> '<FQDN>\tTRUE\t<PATH>\tTRUE\t9999999999\tJSESSIONID\t6ADFAA167AA89CF993061E5CACEF46C9'')
>
> the 999.. looks strange to me.
>
> >
> >
> > On Sun, Apr 14, 2013 at 12:59 AM, Miroslav Stampar <
> miroslav.stam...@gmail.com <mailto:miroslav.stam...@gmail.com>> wrote:
> >
> > Hi Dirk.
> >
> > Well, I would say that you have an expired cookie. Do you see that
> value 0? That value should be a valid UNIX time representing time of cookie
> expiration. Also, I've just tested that cookie of yours and sqlmap says:
> "[WARNING] cookie '....' has expired"
> >
>
> that's true but IMO 0 represents just a session cookie. Example:
>
> prompt% wget -q -O /dev/null --keep-session-cookies
> --save-cookies=/dev/stdout bing.com
> # HTTP cookie file.
> # Generated by Wget on 2013-04-15 11:23:13.
> # Edit at your own risk.
>
> .bing.com TRUE / FALSE 1429089794 SRCHUSR
> AUTOREDIR=0&GEOVAR=&DOB=20130415
> .bing.com TRUE / FALSE 1429089794 SRCHD
> D=2781203&MS=2781203&AF=NOFORM
> .bing.com TRUE / FALSE 1429089794 OrigMUID
> 333995A69E06630B2EB491169F016314%2cfc3b876c239e43d4bfc1544927289abe
> .bing.com TRUE / FALSE 1429089794 MUID
> 333995A69E06630B2EB491169F016314
> .bing.com TRUE / FALSE 0 _SS
> SID=B954CB7EDF8643CABAD8013F27A241E7
> .bing.com TRUE / FALSE 0 _HOP
> .bing.com TRUE / FALSE 0 _FS NU=1
> .bing.com TRUE / FALSE 1429089794 _FP EM=1
> www.bing.com FALSE / FALSE 1429089794 SRCHUID
> V=2&GUID=975091780DFF407DA9DD07139FD97C4D
> www.bing.com FALSE / FALSE 1429089794 MUIDB
> 333995A69E06630B2EB491169F016314
>
> prompt%
>
> Same parser problem btw if I edit the cookie file and put 1429089794 unix
> time instead of 0 in there.
>
> Ok: With the prev rev ed5599f it reads this file ok (no session cookies
> but cookies w/ expiration date) and uses the last
> cookie only for the first 120 tries.
>
> Cheers, Dirk
>
>
> >
> > Kind regards,
> > Miroslav Stampar
> >
> >
> > On Sat, Apr 13, 2013 at 12:54 PM, Dirk Wetter <s...@drwetter.org<mailto:
> s...@drwetter.org>> wrote:
> >
> >
> > Hi Miroslav,
> >
> > thx for your prompt answer.
> >
> > On 04/12/2013 07:45 PM, Miroslav Stampar wrote:
> > > Hi Dirk.
> > >
> > > Could you please get the latest revision and retry it again?
> > ed5599f: almost the same: with cookie in the header sqlmap takes
> only this one.
> > The slight difference seems to be that in the case where I
> didn't supply a cookie
> > sqlmap doesn't use any cookie at all, i.e. now not the one from
> the server anymore.
> > >
> > > There was a situation where info messages have been wrongly
> written that original response contained Set-Cookie in situations like
> yours.
> > >
> > > In case that everything stays as it is, I'll need to ask you
> to provide more details. For example, cookie file would be great.
> >
> > sure, here you go:
> >
> > --snip
> > # Netscape HTTP Cookie File
> > <FQDN> \t FALSE \t <path> \t TRUE \t 0 \t JSESSIONID
> \t <Cookie>
> > [..]
> > --snap
> >
> > They are all session cookies. For easier reading here I put some
> blanks in the line
> > above, in "cookie-file" there aren't any though. Cookies were
> generated with
> > stompy and a shell script (looks he same as with
> > wget -S -O /dev/null --keep-session-cookies
> --save-cookies=<file> <URL>)
> >
> > Again: sqlmap doesn't hiccup/complain while eating my cookies
> file ;-)
> >
> > >
> > > Also, please make sure that the cookie file contains proper
> cookie(s) - domain name should be the same as a domain of target, cookie
> needs to have a proper valid time, etc.
> >
> > see above.
> >
> > Cheers,
> >
> > Dirk
> >
> > >
> > >
> > > On Fri, Apr 12, 2013 at 4:50 PM, Dirk Wetter <
> s...@drwetter.org <mailto:s...@drwetter.org> <mailto:s...@drwetter.org<mailto:
> s...@drwetter.org>>> wrote:
> > >
> > > Hi Miroslav,
> > >
> > > yes unfortunately.
> > >
> > > If I omit the cookie line in the request header
> completely, sqlmap
> > > seems to take the first cookie issued by the server with
> set-cookie (and
> > > put's it silently in).
> > >
> > > Cheers,
> > >
> > > Dirk
> > >
> > >
> > >
> > > On 04/12/2013 03:24 PM, Miroslav Stampar wrote:
> > > > Hi.
> > > >
> > > > And this is also happening if you are skipping "Cookie:
> JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7" from the original request?
> > > >
> > > > Kind regards,
> > > > Miroslav Stampar
> > > >
> > > >
> > > > On Fri, Apr 12, 2013 at 3:10 PM, Dirk Wetter <
> s...@drwetter.org <mailto:s...@drwetter.org> <mailto:s...@drwetter.org<mailto:
> s...@drwetter.org>> <mailto:s...@drwetter.org <mailto:s...@drwetter.org>
> <mailto:s...@drwetter.org <mailto:s...@drwetter.org>>>> wrote:
> > > >
> > > >
> > > > Hi folks,
> > > >
> > > > .... that doesn't work for me. It always uses the
> cookie supplied
> > > > (below in $REQUEST, or if I omit the line in
> $REQUEST the one
> > > > from the 1st server reply is being used)
> > > >
> > > > So what is wrong in here:
> > > >
> > > > cd
> ~/networking/tools/sqlmap/sqlmap-dev1.0-dev-ea12cce
> > > > ./sqlmap.py --ignore-proxy --force-ssl --beep \
> > > > --threads=8 -v 6 --load-cookies=$WD/cookie-file \
> > > > --level=2 --risk=2 -r $REQUEST
> > > >
> > > > The content of the file $REQUEST is:
> > > >
> > > > POST <URL> HTTP/1.1
> > > > Host: <HOST>
> > > > User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2;
> en-US) AppleWebKit/525.13 (KHTML, like Gecko)
> > > > Chrome/0.2.149.6 <http://0.2.149.6> <
> http://0.2.149.6> <http://0.2.149.6> Safari/525.13
> > > > Accept:
> text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
> > > > Accept-Language: en-US,en;q=0.5
> > > > Accept-Encoding: gzip, deflate
> > > > Referer: <Referer>
> > > > Cookie: JSESSIONID=C2E79FD79E967D3E3BA52EE67F8824D7
> > > > Connection: keep-alive
> > > > Content-Type: application/x-www-form-urlencoded
> > > > Content-Length: 67
> > > >
> > > > <abunchofpostparams>
> > > >
> > > >
> > > > No hints that cookie-file is not in correct format
> (I've been through this,
> > > > at least I think I so ;) ).
> > > >
> > > > Any insight would be much appreciated.
> > > >
> > > >
> > > > Cheers,
> > > >
> > > > Dirk
> > > >
> > > >
> > > >
> ------------------------------------------------------------------------------
> > > > Precog is a next-generation analytics platform
> capable of advanced
> > > > analytics on semi-structured data. The platform
> includes APIs for building
> > > > apps and a phenomenal toolset for data science.
> Developers can use
> > > > our toolset for easy data analysis & visualization.
> Get a free account!
> > > >
> http://www2.precog.com/precogplatform/slashdotnewsletter
> > > > _______________________________________________
> > > > sqlmap-users mailing list
> > > > sqlmap-users@lists.sourceforge.net <mailto:
> sqlmap-users@lists.sourceforge.net> <mailto:
> sqlmap-users@lists.sourceforge.net <mailto:
> sqlmap-users@lists.sourceforge.net>> <mailto:
> sqlmap-users@lists.sourceforge.net <mailto:
> sqlmap-users@lists.sourceforge.net> <mailto:
> sqlmap-users@lists.sourceforge.net <mailto:
> sqlmap-users@lists.sourceforge.net>>>
> > > >
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
> > > >
> > > >
> > > >
> > > >
> > > > --
> > > > Miroslav Stampar
> > > > http://about.me/stamparm
> > >
> > >
> > >
> > >
> > > --
> > > Miroslav Stampar
> > > http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
> >
> >
> >
> >
> > --
> > Miroslav Stampar
> > http://about.me/stamparm
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Precog is a next-generation analytics platform capable of advanced
analytics on semi-structured data. The platform includes APIs for building
apps and a phenomenal toolset for data science. Developers can use
our toolset for easy data analysis & visualization. Get a free account!
http://www2.precog.com/precogplatform/slashdotnewsletter
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
