Here is my project which also leverages the sqlmap API server; the client
file might be of interest. I didn't find much documentation outside of
Brandon's site, so the source is fairly documented if you need another
reference to help lend a hand in understanding how it works.

https://github.com/Hood3dRob1n/SQLMAP-Web-GUI
https://github.com/Hood3dRob1n/SQLMAP-Web-GUI/blob/master/sqlmap/inc/SQLMAPClientAPI.class.php
# of most interest to you

On Fri, Aug 14, 2015 at 4:31 PM, Miroslav Stampar <
miroslav.stam...@gmail.com> wrote:

> Hi.
>
> With the latest revision you have a special variable "lastPage" for --eval
> purposes.
>
> For example: python sqlmap.py -u "http://testphp.vulnweb.com/artists.php?artist=1" --eval="print lastPage"
>
> Bye
>
> p.s. for REST API quick reference go to the
> http://volatile-minds.blogspot.com/2013/04/unofficial-sqlmap-restful-api.html
> as Brandon already suggested
>
> On Thu, Aug 13, 2015 at 12:11 PM, Vojtěch Polášek <krec...@gmail.com>
> wrote:
>
>> Thank you very much, this will certainly help in automating Sqlmap.
>> But I think it doesn't solve my problem.
>> I will try to explain it once more and suggest some possible solution,
>> which came to my mind:
>> I am trying to find an SQL injection flaw in an HTTP request which deletes
>> an object.
>> Before every request I need to:
>> 1. send a POST request to create an object - every object gets a new ID
>> 2. receive response and get new object ID
>> 3. send the deletion request which tests for SQL injection flaw.
>> As far as I thought about it, the REST API won't help me here.
>> The --eval argument seems like the best approach for me. From the usage
>> page I can see, that I can change parameter values in the request
>> through --eval. That's good. But is it also possible to access
>> information sent in the last response? That's all I need I think. If I
>> could access information from last response within the --eval, I could
>> modify original request for deletion to delete the right object.
>> I guess that there is some name space which can be accessed by my custom
>> script in the context of --eval, right?
>> What do you think about it? Do you understand it or should I provide
>> more information?
>> And one more question - in which class should I look to get list of all
>> implemented methods for REST API? I took a brief look at
>> lib/utils/api.py, but I can't seem to find the right class. I have never
>> worked with Bottle framework before.
>> Thanks a lot for your help, I really appreciate it.
>> Best regards,
>> Vojtěch Polášek
>>
>>
>> ------------------------------------------------------------------------------
>> _______________________________________________
>> sqlmap-users mailing list
>> sqlmap-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>
>
>
> --
> Miroslav Stampar
> http://about.me/stamparm
>
>