Whenever I am Using - sqlmap -r sql.txt --dbms=MYSQL --dbs --batch following result get displayed.
└─# sqlmap -r sql.txt --dbms=MYSQL --dbs --batch
[:] legal disclaimer. Usage of sqlmap for attacking targets without prior mutual consent is illegal, It is the end user's responsibility to obey all applicable local. state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program
[*] starting @ 09:45:06 /2021-09-25/
[INFO] parsing HTTP request from 'sql.txt'
[CRITICAL] specified file 'sql.txt' does not contain a usable HTTP request (with parameters)
[*] ending @ 09:45:06 /2021-09-25/
BUT when I see the content of sql.txt file with cat command show nothing.
┌──(root💀kali)-[~/Desktop/sqlmap]
└─# ls -la
total 72
drwxr-xr-x 4 root root 4096 Sep 25 08:51 .
drwxr-xr-x 4 root root 4096 Sep 5 18:34 ..
drwxr-xr-x 2 root root 4096 Apr 20 14:18 docs
-rw-r--r-- 1 root root 47756 Jun 11 09:09 map.txt
-rw-r--r-- 1 root root 335 Jun 3 17:27 new.txt
drwxr-xr-x 11 root root 4096 Sep 25 08:49 sqlmap
-rw-r--r-- 1 root root 554 Sep 25 08:34 sql.txt
┌──(root💀kali)-[~/Desktop/sqlmap]
└─# cat sql.txt
┌──(root💀kali)-[~/Desktop/sqlmap]
└─#
And then if I tried to see content of sql.txt with nano command then It show all file data.
┌──(root💀kali)-[~/Desktop/sqlmap]
└─# nano sql.txt
POST /doLogin HTTP/1.1
Host: demo.testfire.net
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 35
Origin: http://demo.testfire.net
Connection: close
Referer: http://demo.testfire.net/login.jsp
Cookie: JSESSIONID=D5B396CF6FE3B67C4DF520346B5C889E
Upgrade-Insecure-Requests: 1
uid=test&passw=test&btnSubmit=Login
I am not able to use SQLMap with -r please help me
After a little digging into the source code of sqlmap on github, i found that there is a "bias" towards the input file being a raw dump of a http request intercepted by burpsuite or webscarab. Any other file (manually copy-pasted for instance from a web browser's http traffic as seen in the debug console) is somehow not ok.
So, the workaround i would suggest is to fire up burp suite (i have not yet worked with webscarab, so cannot comment on it), capture the http traffic of the request you are intending to analyse, copy paste the raw http traffic from burpsuite, into a text file and provide that file as the input to sqlmap with the -r switch.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.