I think so but how can I access and modify headers in a —eval ? ./sqlmap.py -u "http://www.google.com/?id=1"; --eval="print(uri) ; print(method); print(headers); print(body); » [11:24:12] [INFO] testing connection to the target URL http://www.google.com:80/ <- uri is good ! [11:24:12] [CRITICAL] an error occurred while evaluating provided code ('name 'method' is not defined’)
headers and body can be accessed neither ? Regards, Vincent > Le 16 sept. 2015 à 20:43, Brandon Perry <bperry.volat...@gmail.com> a écrit : > > Could you use --eval for this instead? > > On Wed, Sep 16, 2015 at 10:17 AM, Vincent Malguy <vinc...@malguy.fr> wrote: > Hi, > > I am new to tamper scripts and I have to forge some custom headers to pass a > API authentication. > I need to get the http METHOD (get, post …) use by the next sqlmap resquest > and the exact URL that will be use . > > For exemple , in this header : > [17:06:22] [TRAFFIC OUT] HTTP request [#35]: > GET /1.0/iot/app/SQLIHERE HTTP/1.1 > Accept-language: en-us,en;q=0.5 > Accept-encoding: identity > Pragma: no-cache > Cache-control: no-cache,no-store > Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 > User-agent: sqlmap/1.0-dev-c59ead3 (http://sqlmap.org) > Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 > > > I want to be able to get the first line : GET /1.0/iot/app/SQLIHERE > From this line , I would be able to parse for the METHOD and get the URI that > I will *statically* concat with the base URL of the API. > > So far I have managed to compute the auth header and use sqlmap to test the > API but I have to update my tamper script for each different endpoint (URI). > > Thanks for your help. > > > > > ------------------------------------------------------------------------------ > Monitor Your Dynamic Infrastructure at Any Scale With Datadog! > Get real-time metrics from all of your servers, apps and tools > in one place. > SourceForge users - Click here to start your Free Trial of Datadog now! > http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140 > _______________________________________________ > sqlmap-users mailing list > sqlmap-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/sqlmap-users > > > > > -- > http://volatile-minds.blogspot.com -- blog > http://www.volatileminds.net -- website
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
