I'll just repeat a sentence from your original message:
"Is there any possibility to supply a post request to safeurl?"
Bye
On Wed, Apr 22, 2015 at 2:29 PM, Vojtěch Polášek <krec...@gmail.com> wrote:
> Hi,
> I tried your new --safe-post and it doesn't seem to fulfill my needs. I
> need to submit in this url same cookies as in requests for SQL injection
> etc. Would it be possible to provide something like --safe-request and read
> request from a file?
> Thanks,
> Vojta
>
>
> On 20.4.2015 23:56, Miroslav Stampar wrote:
>
> Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").
>
> Bye
>
> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar <
> miroslav.stam...@gmail.com> wrote:
>
>> Pushing the patch in couple of hours.
>>
>> Bye
>>
>> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <bperry.volat...@gmail.com> wrote:
>>
>>> Ah, good point. Hadn't thought about that. Also, requiring a POST
>>> request does make it difficult.
>>>
>>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hood3dro...@gmail.com>
>>> wrote:
>>>
>>>> I don't think second order option will work as that is specifying
>>>> where to look for injection results, which might result in your underlying
>>>> injection failing if the results are not to be found there.
>>>>
>>>> There are however options in latest version that appear to be for just
>>>> this type of situation (although I personally haven't used them just yet):
>>>> --safe-url=SAFURL  URL address to visit frequently during testing
>>>> --safe-freq=SAFREQ  Test requests between two visits to a given safe URL
>>>>
>>>> I believe this will ensure your session remains active during scan.
>>>>
>>>> There are also the options for CSRF tokens to be snagged and parsed via:
>>>> --csrf-token=CSR..  Parameter used to hold anti-CSRF token
>>>> --csrf-url=CSRFURL  URL address to visit to extract anti-CSRF token
>>>>
>>>> In case the csrf token needs to be refreshed for each injection (when
>>>> injecting into forms and other typical POST injections and such).
>>>>
>>>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <
>>>> bperry.volat...@gmail.com> wrote:
>>>>
>>>>> However, that being said, I have run into this before and had to write
>>>>> my own exploits to fully exploit the vulnerability.
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <
>>>>> bperry.volat...@gmail.com> wrote:
>>>>>
>>>>>> There is a second order parameter, it could be used to perform this.
>>>>>> It would be requested after every injected request was sent.
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>>>>>> wrote:
>>>>>>
>>>>>>> Greetings,
>>>>>>> I am testing an application which I suspect to log me out if I don't
>>>>>>> send a certain POST request in a certain time interval.
>>>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>>>> which lets me run any Python code before every request. But it is
>>>>>>> not so nice, let's say.
>>>>>>> Is there any possibility to supply a post request to safeurl? Is
>>>>>>> there anything like this planned?
>>>>>>> Thank you very much,
>>>>>>> Vojta
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>>>>> Develop your own process in accordance with the BPMN 2 standard
>>>>>>> Learn Process modeling best practices with Bonita BPM through live
>>>>>>> exercises
>>>>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>>>>>> event?utm_
>>>>>>>
>>>>>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>>>>> _______________________________________________
>>>>>>> sqlmap-users mailing list
>>>>>>> sqlmap-users@lists.sourceforge.net
>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> http://volatile-minds.blogspot.com -- blog
>>>>> http://www.volatileminds.net -- website
>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> http://volatile-minds.blogspot.com -- blog
>>> http://www.volatileminds.net -- website
>>>
>>>
>>>
>>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>
>
>
>
>
>
--
Miroslav Stampar
http://about.me/stamparm
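
A toy model of the keep-alive problem discussed in this thread, added here as an illustration; it is not sqlmap code and does not reproduce sqlmap's internals. It shows that a periodic "safe" POST keeps the session alive only when it carries the same cookie as the test requests and is sent more often than the timeout. `App`, `Scanner`, `/keepalive`, the `SID` cookie and the request-counted clock are assumptions made for the example.

```python
# Added illustration, not sqlmap code. App, Scanner, /keepalive and the
# SID cookie are hypothetical; "time" is counted in requests received.

class App:
    """Toy target: a session is dropped unless a keep-alive POST carrying
    its cookie arrives at least every `ttl` ticks."""

    def __init__(self, ttl):
        self.ttl = ttl
        self.clock = 0
        self.last_seen = {"SID=abc": 0}  # constructed session cookie

    def handle(self, method, path, cookie):
        self.clock += 1  # every request received advances the clock
        last = self.last_seen.get(cookie)
        if last is None or self.clock - last > self.ttl:
            self.last_seen.pop(cookie, None)
            return 401  # unknown or expired session
        if method == "POST" and path == "/keepalive":
            self.last_seen[cookie] = self.clock
        return 200


class Scanner:
    """Sends test requests and, every `safe_freq` of them, a keep-alive POST."""

    def __init__(self, app, cookie, safe_freq=0, safe_cookie=None):
        self.app, self.cookie = app, cookie
        self.safe_freq, self.safe_cookie = safe_freq, safe_cookie
        self.count = 0

    def test_request(self):
        self.count += 1
        if self.safe_freq and self.count % self.safe_freq == 0:
            self.app.handle("POST", "/keepalive", self.safe_cookie)
        return self.app.handle("GET", "/item?id=1", self.cookie)


def run(ttl, n, **kwargs):
    """Return the status codes of n test requests against a fresh App."""
    scanner = Scanner(App(ttl), "SID=abc", **kwargs)
    return [scanner.test_request() for _ in range(n)]


if __name__ == "__main__":
    print(run(5, 12))                                      # no keep-alive
    print(run(5, 12, safe_freq=3, safe_cookie="SID=abc"))  # same cookie
    print(run(5, 12, safe_freq=3))                         # cookie missing
    print(run(5, 12, safe_freq=6, safe_cookie="SID=abc"))  # too infrequent
```

Only the second run returns 200 for all twelve requests; the other three lose the session partway through.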