Sqlmap study notes (c)

Sqlmap performance optimization settings

  1. Setting persistent HTTP connections. By default, Sqlmap closes the connection immediately after each successful request.

    This corresponds to Connection: Close in the HTTP packet (the connection is closed after one request)

    If the site you want to scan takes a relatively long time to scan, this costs performance, so persistent HTTP connections are needed to improve scanning performance.

    This corresponds to Connection: Keep-Alive in the HTTP packet

    In Sqlmap, you only need to add the --keep-alive parameter

    sqlmap -u "目标URL" --keep-alive
  2. Setting Sqlmap not to receive the HTTP body (response body)

    A body that is too large increases the HTTP response delay. If you only care about the header part of the response, you can set a null connection

    Set the --null-connection parameter

    sqlmap -u "目标URL" --null-connection
  3. Setting multithreading

    By default, Sqlmap is single-threaded and scans serially: each request must wait until the previous one has completed, so scanning efficiency is much lower. Because a network connection is a time-consuming operation, Sqlmap can do nothing while it waits for the server to respond, and the local CPU and memory resources are not put to use. Handling requests in several parallel threads makes efficient use of local system resources.

    However, setting too many threads is not good either: the more threads, the greater the pressure on the server side, which can lead to a significant drop in response speed or even packet loss and no response at all. For this reason Sqlmap allows a maximum of 10 threads.

    Set the number of threads with the --threads parameter

    sqlmap -u "目标URL" --threads=10
  4. Setting output prediction

    It is used when retrieving data: Sqlmap counts the characters that appear and uses those statistics to predict the output

    Parameter: --predict-output

    It conflicts with --threads, so the two cannot be set together. For example, specifying both --predict-output and --threads

    sqlmap -u "http://test.dvwa.com/login.php" --predict-output --threads=3

    reports the following error

    [23:10:15] [CRITICAL] switch '--predict-output' is incompatible with option '--threads' and switch '-o'
  5. The -o switch turns on all of the performance optimization parameters
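
The effect described in items 1 and 2, as an added example (not from the original notes and not Sqlmap's own code): a local test server on 127.0.0.1 counts the TCP connections it accepts while the client counts the body bytes it receives, comparing Connection: close with keep-alive and GET with HEAD. The Handler class, the run helper and the 50,000-byte body are constructed for illustration, and HEAD is used here only as a stand-in for a request that returns headers without a body.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

BODY = b"x" * 50_000  # constructed response body

class Handler(BaseHTTPRequestHandler):
    protocol_version = "HTTP/1.1"  # required for persistent connections
    connections = 0                # TCP connections accepted so far

    def setup(self):               # runs once per accepted connection
        super().setup()
        Handler.connections += 1

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        if self.command == "GET":  # a HEAD response carries headers only
            self.wfile.write(BODY)
    do_HEAD = do_GET

    def log_message(self, *args):  # keep the demo quiet
        pass

def run(n, keep_alive, method="GET"):
    """Send n requests; return (TCP connections used, body bytes received)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    Handler.connections = 0
    header = {"Connection": "keep-alive" if keep_alive else "close"}
    conn, received = None, 0
    try:
        for _ in range(n):
            if conn is None:
                conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
            conn.request(method, "/", headers=header)
            received += len(conn.getresponse().read())
            if not keep_alive:     # one connection per request
                conn.close()
                conn = None
    finally:
        if conn is not None:
            conn.close()
        server.shutdown()
        server.server_close()
    return Handler.connections, received

if __name__ == "__main__":
    print(run(20, False), run(20, True), run(20, True, "HEAD"))
```

With keep-alive, every request reuses a single connection, and with HEAD no body bytes cross the wire, which is where the time saving in both settings comes from.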

Specifying the injection location in Sqlmap

  1. Scan only the specified parameters instead of all parameters, so that no time is wasted on parameters that are not injection points and scanning efficiency improves. For example, when scanning the following URL, Submit is known to be a static parameter and id a dynamic one, so you only need to specify id when scanning. When specifying multiple parameters, wrap them in double quotes and separate them with commas. You can also specify parameters in the HTTP request header, such as User-Agent

    sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" -p id
  2. Use --skip to skip the specified parameters. Its effect is the opposite of -p: it names the parameters that should not be scanned. For example, if you do not want to scan the Referer and HOST HTTP header parameters

    sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --skip "Referer,HOST"
  3. Use --param-exclude to leave out of testing any request parameter whose name contains specific content, for example so that parameters containing token or session are not tested. The value is a regular expression

    sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli/?id=1&Submit=Submit#" --param-exclude="token|session"
  4. Use --skip-static to ignore non-dynamic parameters when scanning

  5. Specifying a URI injection position

    When the injection point is in the URI path, Sqlmap does not perform any automatic test of the URI path unless you mark the injection point manually. Mark these injection points in the URI with an asterisk (*) when scanning

    sqlmap -u "http://test.dvwa.com/vulnerabilities/sqli*/?id=1&Submit=Submit#"

Origin www.cnblogs.com/dagger9527/p/11986551.html