sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

How often does sqlmap hop proxies given as a file? #2427

Closed Ekultek closed 7 years ago

Ekultek commented 7 years ago

What's the problem (or question)?

How often does sqlmap hop proxies given as a proxy file list? Also, is there a way to set the amount of time to spend on each proxy for further anonymity?

Do you have an idea for a solution?

If there is no solution, make a flag for time spent on each proxy (in seconds).

How can we reproduce the issue?

n/a

What are the running context details?

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting at 19:32:35

[19:32:35] [INFO] loading proxy 'http://97.**.1**.***:8*' from a supplied proxy list file

[19:32:35] [INFO] testing connection to the target URL



* Exception traceback (if any): n/a

stamparm commented 7 years ago

The idea of the proxy list is to skip the proxy in case of any problems with the current one. There are a gazillion potential problems with using a different proxy with each request. I can guess that you would at least raise 5 new issues. First is the different latencies between proxies, hence, time-based SQLi would "suffer". Second is that a different proxy potentially introduces/filters different content. Some proxies even tend to misbehave and just not return the originally requested data.

In case you want to randomize "hopping", please use proxychains.

Ekultek commented 7 years ago

Cool, thank you

On Mar 6, 2017, at 4:50 AM, Miroslav Stampar notifications@github.com wrote:

Closed #2427.


mr-m0nst3r commented 5 years ago

@stamparm Hi mate, I have the same problem. Because our pentest is against banks, I have to use a proxy pool, and the proxies are crawled from the Internet. Proxychains is not a good solution, I guess, because the proxies from the Internet keep updating, and most of them become unavailable after hours or days.

I'm keeping an updated proxy pool using some docker machines, but I don't know how to integrate the proxy pool into sqlmap. I think I should do some coding with the conf.proxyList, but I can't find the code in sqlmap for how it would choose the next available proxy.

Would you help me locate the code? Appreciated.

stamparm commented 5 years ago

@mr-m0nst3r:

A) after a connection problem with the first proxy from a list (provided with --proxy-file), sqlmap jumps to the second, then afterwards to the third...

B) it is being set inside _setHTTPHandlers() (code) at the start of sqlmap OR after any kind of connection problems (code)

C) I am not really sure what you are trying to do, so best of luck with modifications

mr-m0nst3r commented 5 years ago

@stamparm Thank you, mate. I think _setHTTPHandlers() is what I should do some coding with.

Actually, what I need to do is provide a URL, which is an API, on the sqlmap command line; when sqlmap decides to switch to another proxy, it should make a request to the API, resolve the returned data, and get the IP and PORT inside.

It would be a great help if you've got time for some reviewing. I'm not good at programming. 😂

stamparm commented 5 years ago

Post a link to some code here and I could review later

mr-m0nst3r commented 5 years ago

@stamparm Hi there, I did some coding. Haven't checked.

There are three changes to the options.py. Should work, I think.


stamparm commented 5 years ago

OK. Looks fine at first glance.