Please update to the latest revision and use:
--safe-req=...req.txt --safe-freq=...
Bye
On Wed, Apr 22, 2015 at 3:08 PM, Vojtěch Polášek <krec...@gmail.com> wrote:
> Well, so if I understand it right. Currently, --safe-url receives the URL
> to which the post request is going to be sent.
> --safe-post receives *only* POST data, no HTTP headers etc.
> There is no possibility to send some specific cookies or other HTTP
> headers currently with this safe thing. Am I right?
> Thanks for clarification. I am sorry if my description of problem wasn't
> exact enough.
> Vojta
>
> On 22.4.2015 14:52, Miroslav Stampar wrote:
>
> I'll just repeat a sentence from your original message:
>
> "Is there any possibility to supply a post request to safeurl?"
>
> Bye
>
> On Wed, Apr 22, 2015 at 2:29 PM, Vojtěch Polášek <krec...@gmail.com>
> wrote:
>
>> Hi,
>> I tried your new --safe-post and it doesn't seem to fulfill my needs. I
>> need to submit in this url same cookies as in requests for SQL injection
>> etc. Would it be possible to provide something like --safe-request and read
>> request from a file?
>> Thanks,
>> Vojta
>>
>>
>> On 20.4.2015 23:56, Miroslav Stampar wrote:
>>
>> Done (usage e.g. --safe-url=... --safe-post="foo=bar&...").
>>
>> Bye
>>
>> On Mon, Apr 20, 2015 at 10:26 PM, Miroslav Stampar <
>> miroslav.stam...@gmail.com> wrote:
>>
>>> Pushing the patch in couple of hours.
>>>
>>> Bye
>>>
>>> On Mon, Apr 20, 2015 at 8:37 PM, Brandon Perry <
>>> bperry.volat...@gmail.com> wrote:
>>>
>>>> Ah, good point. Hadn't thought about that. Also, requiring a POST
>>>> request does make it difficult.
>>>>
>>>> On Mon, Apr 20, 2015 at 1:36 PM, Johnathon Doe <hood3dro...@gmail.com>
>>>> wrote:
>>>>
>>>>> I don't think second order option will work as that is specifying
>>>>> where to look for injection results, which might result in your underlying
>>>>> injection failing if the results are not to be found there.
>>>>>
>>>>> There are however options in latest version that appear to be for just
>>>>> this type of situation (although I personally haven't used them just yet):
>>>>> --safe-url=SAFURL URL address to visit frequently during testing
>>>>> --safe-freq=SAFREQ Test requests between two visits to a given
>>>>> safe URL
>>>>>
>>>>> I believe this will ensure your session remains active during scan.
>>>>>
>>>>> There are also options for CSRF tokens to be snagged and parsed via:
>>>>> --csrf-token=CSR.. Parameter used to hold anti-CSRF token
>>>>> --csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
>>>>>
>>>>> In case the csrf token needs to be refreshed for each injection (when
>>>>> injecting into forms and other typical POST injections and such).
>>>>>
>>>>> On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <
>>>>> bperry.volat...@gmail.com> wrote:
>>>>>
>>>>>> However, that being said, I have run into this before and had to
>>>>>> write my own exploits to fully exploit the vulnerability.
>>>>>>
>>>>>> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <
>>>>>> bperry.volat...@gmail.com> wrote:
>>>>>>
>>>>>>> There is a second order parameter, it could be used to perform this.
>>>>>>> It would be requested after every injected request was sent.
>>>>>>>
>>>>>>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>>>>>>> wrote:
>>>>>>>
>>>>>>>> Greetings,
>>>>>>>> I am testing an application which I suspect to log me out if I don't
>>>>>>>> send certain post request in certain time interval.
>>>>>>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>>>>>>> which lets me run any python code before every request. But it is not
>>>>>>>> so nice, let's say.
>>>>>>>> Is there any possibility to supply a post request to safeurl? Is there
>>>>>>>> anything like this planned?
>>>>>>>> Thank you very much,
>>>>>>>> Vojta
>>>>>>>>
>>>>>>>>
>>>>>>>> ------------------------------------------------------------------------------
>>>>>>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>>>>>>> Develop your own process in accordance with the BPMN 2 standard
>>>>>>>> Learn Process modeling best practices with Bonita BPM through live
>>>>>>>> exercises
>>>>>>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-event?utm_source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>>>>>>> _______________________________________________
>>>>>>>> sqlmap-users mailing list
>>>>>>>> sqlmap-users@lists.sourceforge.net
>>>>>>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>>> http://www.volatileminds.net -- website
>>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> --
>>>>>> http://volatile-minds.blogspot.com -- blog
>>>>>> http://www.volatileminds.net -- website
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> http://volatile-minds.blogspot.com -- blog
>>>> http://www.volatileminds.net -- website
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Miroslav Stampar
>>> http://about.me/stamparm
>>>
>>
>>
>>
>> --
>> Miroslav Stampar
>> http://about.me/stamparm
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>
>
>
>
>
--
Miroslav Stampar
http://about.me/stamparm
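
Added example (not part of the original message and not sqlmap's own code): a sketch of what a request file offers over --safe-url/--safe-post, namely that cookies and other headers travel with the keep-alive POST, together with the visit schedule implied by --safe-freq. The host, path, cookie value, the names parse_request_file and safe_visit_points, and the exact replay timing are assumptions made for illustration.

```python
# Added example: models the keep-alive request file and visit schedule discussed above.
from dataclasses import dataclass, field

# Constructed sample request file; host, path, cookie and body are placeholders.
SAMPLE_REQ = (
    "POST /session/keepalive HTTP/1.1\r\n"
    "Host: app.example.test\r\n"
    "Cookie: SESSIONID=constructed-value\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "foo=bar&ping=1"
)

@dataclass
class SafeRequest:
    method: str
    path: str
    headers: dict = field(default_factory=dict)
    body: str = ""

def parse_request_file(text):
    """Split a raw HTTP request into request line, headers and body."""
    text = text.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        headers[name.strip().title()] = value.strip()
    if "Host" not in headers:
        raise ValueError("request file needs a Host header to form a URL")
    return SafeRequest(parts[0].upper(), parts[1], headers, body.strip("\n"))

def safe_visit_points(total_requests, safe_freq):
    """Return the test-request counts after which the safe request is replayed.

    Assumption: one replay after every `safe_freq` test requests.
    """
    if safe_freq <= 0:
        return []
    return [n for n in range(1, total_requests + 1) if n % safe_freq == 0]
```
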