Specified file 'sql.txt' does not contain a usable HTTP request (with parameters)

Question

Whenever I am Using - sqlmap -r sql.txt --dbms=MYSQL --dbs --batch following result get displayed.

└─# sqlmap -r sql.txt --dbms=MYSQL --dbs --batch      

                                                                                                           

[:] legal disclaimer. Usage of sqlmap for attacking targets without prior mutual consent is illegal, It is the end user's responsibility to obey all applicable local. state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 09:45:06 /2021-09-25/

[INFO] parsing HTTP request from 'sql.txt'

[CRITICAL] specified file 'sql.txt' does not contain a usable HTTP request (with parameters)

[*] ending @ 09:45:06 /2021-09-25/

BUT when I see the content of sql.txt file with cat command show nothing.

┌──(root💀kali)-[~/Desktop/sqlmap]
└─# ls -la
total 72
drwxr-xr-x  4 root root  4096 Sep 25 08:51 .
drwxr-xr-x  4 root root  4096 Sep  5 18:34 ..
drwxr-xr-x  2 root root  4096 Apr 20 14:18 docs
-rw-r--r--  1 root root 47756 Jun 11 09:09 map.txt
-rw-r--r--  1 root root   335 Jun  3 17:27 new.txt
drwxr-xr-x 11 root root  4096 Sep 25 08:49 sqlmap
-rw-r--r--  1 root root   554 Sep 25 08:34 sql.txt
                                                                                                                                                                         
┌──(root💀kali)-[~/Desktop/sqlmap]
└─# cat sql.txt 
                                                                                                                                                                         
┌──(root💀kali)-[~/Desktop/sqlmap]
└─# 

And then if I tried to see content of sql.txt with nano command then It show all file data.

┌──(root💀kali)-[~/Desktop/sqlmap]
└─# nano sql.txt   
                                                                               
POST /doLogin HTTP/1.1

Host: demo.testfire.net

User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0

Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

Accept-Encoding: gzip, deflate

Content-Type: application/x-www-form-urlencoded

Content-Length: 35

Origin: http://demo.testfire.net

Connection: close

Referer: http://demo.testfire.net/login.jsp

Cookie: JSESSIONID=D5B396CF6FE3B67C4DF520346B5C889E

Upgrade-Insecure-Requests: 1


uid=test&passw=test&btnSubmit=Login

I am not able to use SQLMap with -r please help me

Answer 1

After a little digging into the source code of sqlmap on github, i found that there is a "bias" towards the input file being a raw dump of a http request intercepted by burpsuite or webscarab. Any other file (manually copy-pasted for instance from a web browser's http traffic as seen in the debug console) is somehow not ok.

So, the workaround i would suggest is to fire up burp suite (i have not yet worked with webscarab, so cannot comment on it), capture the http traffic of the request you are intending to analyse, copy paste the raw http traffic from burpsuite, into a text file and provide that file as the input to sqlmap with the -r switch.