Well, so if I understand it right. Currently, --safe-url receives the
URL to which the post request is going to be sent.
--safe-post receives *only* POST data, no HTTP headers etc.
There is no possibility to send some specific cookies or other HTTP
headers currently with this safe thing. Am I right?
Thanks for the clarification. I am sorry if my description of the problem wasn't
exact enough.
Vojta
On 22.4.2015 14:52, Miroslav Stampar wrote:
> I'll just repeat a sentence from your original message:
>
> "Is there any possibility to supply a post request to safeurl?"
>
> Bye
>
> On Wed, Apr 22, 2015 at 2:29 PM, Vojtěch Polášek <krec...@gmail.com
> <mailto:krec...@gmail.com>> wrote:
>
> Hi,
> I tried your new --safe-post and it doesn't seem to fulfill my
> needs. I need to submit in this url same cookies as in requests
> for SQL injection etc. Would it be possible to provide something
> like --safe-request and read request from a file?
> Thanks,
> Vojta
>
>
> On 20.4.2015 23:56, Miroslav Stampar wrote:
>> Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").
>>
>> Bye
>>
>> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar
>> <miroslav.stam...@gmail.com <mailto:miroslav.stam...@gmail.com>>
>> wrote:
>>
>> Pushing the patch in couple of hours.
>>
>> Bye
>>
>> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry
>> <bperry.volat...@gmail.com
>> <mailto:bperry.volat...@gmail.com>> wrote:
>>
>> Ah, good point. Hadn't thought about that. Also,
>> requiring a POST request does make it difficult.
>>
>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe
>> <hood3dro...@gmail.com <mailto:hood3dro...@gmail.com>> wrote:
>>
>> I don't think the second order option will work as that is
>> specifying where to look for injection results, which
>> might result in your underlying injection failing if
>> the results are not to be found there.
>>
>> There are, however, options in the latest version that
>> appear to be for just this type of situation
>> (although I personally haven't used them just yet):
>> --safe-url=SAFURL   URL address to visit frequently during testing
>> --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>
>> I believe this will ensure your session remains
>> active during scan.
>>
>> There are also the options for CSRF tokens to be
>> snagged and parsed via:
>> --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>> --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>
>> In case the csrf token needs to be refreshed for each
>> injection (when injecting into forms and other
>> typical POST injections and such).
>>
>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry
>> <bperry.volat...@gmail.com
>> <mailto:bperry.volat...@gmail.com>> wrote:
>>
>> However, that being said, I have run into this
>> before and had to write my own exploits to fully
>> exploit the vulnerability.
>>
>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry
>> <bperry.volat...@gmail.com
>> <mailto:bperry.volat...@gmail.com>> wrote:
>>
>> There is a second order parameter, it could
>> be used to perform this. It would be
>> requested after every injected request was sent.
>>
>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch
>> Polášek <krec...@gmail.com
>> <mailto:krec...@gmail.com>> wrote:
>>
>> Greetings,
>> I am testing an application which I
>> suspect logs me out if I don't
>> send a certain post request in a certain time
>> interval.
>> Is this possible to do with Sqlmap? I
>> know that there is a parameter
>> which lets me run any python code
>> before every request. But it is not
>> so nice, let's say.
>> Is there any possibility to supply a post
>> request to safeurl? Is there
>> anything like this planned?
>> Thank you very much,
>> Vojta
>>
>>
>> ------------------------------------------------------------------------------
>> BPM Camp - Free Virtual Workshop May 6th
>> at 10am PDT/1PM EDT
>> Develop your own process in accordance
>> with the BPMN 2 standard
>> Learn Process modeling best practices
>> with Bonita BPM through live exercises
>>
>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>> event?utm_
>>
>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> <mailto:sqlmap-users@lists.sourceforge.net>
>>
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
> --
> Miroslav Stampar
> http://about.me/stamparm