Hi.
Obviously, don't use --threads in those kind of situations. Also,
--keep-alive could be a good choice together with (hidden) switch
--disable-precon.
As of time-based SQLi. Well, without the (as Brandon mentioned) statistical
model, sqlmap will have a problem. Also, if application is doing "sporadic"
timeouts I am not sure how in the first place are you expecting sqlmap to
detect whether there was a deliberate delay or not.
Anyway, I've pushed this moment a change where you can now use
--disable-stats just for this one thing you are looking for. As of whether
the sqlmap will now correctly perform tests (by using this option it is
strictly looking into the response times and doing a dumb delay inference -
if response time more than one given by --time-sec) I kind of doubt it.
Bye
On Mon, Feb 13, 2017 at 5:47 PM, Rodrigo Zanatta Silva <
rodrigozanattasi...@gmail.com> wrote:
> Yes, because every call I create an error in the server. So, I can only
> make X call before the pool of connections was full. Than I need to wait
> the server close this connections and try again.
>
> 2017-02-13 14:43 GMT-02:00 Brandon Perry <bperry.volat...@gmail.com>:
>
>>
>> > On Feb 13, 2017, at 10:39 AM, Rodrigo Zanatta Silva <
>> rodrigozanattasi...@gmail.com> wrote:
>> >
>> > How can I disable the sqlmap doing 30 connections before start doing
>> time attack?
>>
>> You have to build a statistical model of how quickly the requests
>> generally return to ensure accuracy during a timing attack. You can’t get
>> around this. A boolean-based timing attack is going to take a whole lot of
>> requests anyway, are you really worried about an extra 30?
>>
>> >
>> > There is a options or I need to find it in code? And where is this set?
>> > ------------------------------------------------------------
>> ------------------
>> > Check out the vibrant tech community on one of the world's most
>> > engaging tech sites, SlashDot.org! http://sdm.link/slashdot______
>> _________________________________________
>> > sqlmap-users mailing list
>> > sqlmap-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>
>>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
--
Miroslav Stampar
http://about.me/stamparm
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
