search

sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org
Other
32.45k stars 5.71k forks source link

problem in the proxy #4479

Closed bintangadi closed 3 years ago

bintangadi commented 3 years ago

┌──(bintang㉿kali)-[~] └─$ sqlmap -u 'https://xxxxxxxxxxxxxxxprod.php?id=951' --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs --proxy="http://192.168.43.1:44355"

   __H__

[,]__ _ {1.4.12.23#dev} | -| . [(] | .'| . | || [']|||_,| | ||V... || http://sqlmap.org

[23:21:24] [WARNING] switch/option '--identify-waf' is deprecated (hint: functionality being done automatically) [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 23:21:24 /2020-12-14/

[23:21:24] [DEBUG] cleaning up configuration parameters [23:21:24] [INFO] loading tamper module 'between' [23:21:24] [INFO] loading tamper module 'randomcase' [23:21:24] [INFO] loading tamper module 'space2comment' [23:21:24] [DEBUG] setting the HTTP timeout [23:21:24] [DEBUG] setting the HTTP User-Agent header [23:21:24] [DEBUG] loading random HTTP User-Agent header(s) from file '/usr/share/sqlmap/data/txt/user-agents.txt' [23:21:25] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (Windows NT 5.1; U; zh-cn; rv:1.8.1) Gecko/20091102 Firefox/3.5.5' from file '/usr/share/sqlmap/data/txt/user-agents.txt' [23:21:25] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests [23:21:25] [DEBUG] creating HTTP requests opener object [23:21:25] [DEBUG] setting the HTTP Referer header to the target URL [23:21:25] [DEBUG] setting the HTTP Host header to the target URL [23:21:25] [INFO] testing connection to the target URL [23:21:27] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('error: Error') [23:21:27] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [23:21:27] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [23:21:27] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [23:21:27] [CRITICAL] can't establish SSL connection

[*] ending @ 23:21:27 /2020-12-14/

i use tunnel SSH over SSL/TLS to bypass ISP [2020-12-14 23:20:33] Running on samsung SM-J* samsung, Android API 22 [2020-12-14 23:20:33] Application version: 5.2.4 Build 137 [2020-12-14 23:20:33] Log Cleared [2020-12-14 23:20:34] Tunnel Type SSL/TLS ➔ SSH [2020-12-14 23:20:34] [START] service requested [2020-12-14 23:20:34] Network Status: CONNECTED LTE to MOBILE internet [2020-12-14 23:20:34] Injector Service Started [2020-12-14 23:20:34] Local IP: 192.1*. [2020-12-14 23:20:34] Starting listening local port: 8989 [2020-12-14 23:20:34] Start tunnel service [2020-12-14 23:20:34] Tunnel Type SSL + SSH Connection [2020-12-14 23:20:34] SNI hostname: whatsapp.net [2020-12-14 23:20:35] Established TLSv1.2 connection with whatsapp.net:443 using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 [2020-12-14 23:20:35] Start SSL handshake [2020-12-14 23:20:35] Hostkey fingerprint: 48:27:2:e:9f:8:de:e5:b9:8f:e8:2d:e:d2:40:cb [2020-12-14 23:20:35] Key exchange algorithm: curve25519-sha256@libssh.org [2020-12-14 23:20:35] Using algorithm: aes256-ctr hmac-sha2-256 [2020-12-14 23:20:35] Username: bangst [2020-12-14 23:20:35] Server Message:

-NO SPAM !!! -NO DDOS !!! -NO HACKING !!! -NO CARDING !!! -NO CRIMINAL CYBER !!! -MAX LOGIN 1 DEVICE/BITVISE !!! -AUTO DELETE MULTILOGIN !!!

Support us! sshstores.net

[2020-12-14 23:20:35] Password auth available [2020-12-14 23:20:35] Authenticate with password [2020-12-14 23:20:36] Forward Successful [2020-12-14 23:20:36] Connected [2020-12-14 23:20:36] Network available: [type: MOBILE[LTE] - MOBILE, state: CONNECTED/CONNECTED, reason: connected, extra: internet, roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false] [2020-12-14 23:20:36] Starting Injector VPN Service [2020-12-14 23:20:36] DNS Forwarding: Google DNS [2020-12-14 23:20:36] Preparing DNS forwarding [2020-12-14 23:20:38] Starting DNS forwarding [2020-12-14 23:20:39] UDPGW Port: 7390 [2020-12-14 23:20:39] Google DNS enabled [2020-12-14 23:20:39] DNS forwarding enabled [2020-12-14 23:20:39] Routes: 0.0.0.0/0, 8.8.4.4/32, 8.8.8.8/32 [2020-12-14 23:20:39] Routes excluded: 10.0.0.0/8, 13.212.37.168/32, 172.16.0.0/12, 192.168.0.0/16 [2020-12-14 23:20:39] VPN Connected [2020-12-14 23:20:43] Type: MOBILE [LTE] | State: CONNECTED | Reason: connected | internet [2020-12-14 23:20:46] Hotshare Service Started

i use hotshare to tethreing my connection to the computer so i get the proxy ip : 192.168.43.1 proxy port : 44355

stamparm commented 3 years ago

Note to my future self: TLS/SNI over --proxy

bintangadi commented 3 years ago

bro still not working

┌──(bintang㉿kali)-[~] └─$ sqlmap -u 'https://www.xxxxxxx/productlist.php?Group=3&pr=3' --identify-waf --random-agent -v 3 --tamper="between,randomcase,space2comment" --level=5 --risk=3 --dbs --proxy="http://192.168.43.1:44355"

   __H__

[,]__ _ {1.4.12.30#dev} | -| . [(] | .'| . | || [.]|||_,| | ||V... || http://sqlmap.org

[15:48:18] [WARNING] switch/option '--identify-waf' is deprecated (hint: functionality being done automatically) [!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 15:48:18 /2020-12-20/

[15:48:18] [DEBUG] cleaning up configuration parameters [15:48:18] [INFO] loading tamper module 'between' [15:48:18] [INFO] loading tamper module 'randomcase' [15:48:18] [INFO] loading tamper module 'space2comment' [15:48:18] [DEBUG] setting the HTTP timeout [15:48:18] [DEBUG] setting the HTTP User-Agent header [15:48:18] [DEBUG] loading random HTTP User-Agent header(s) from file '/usr/share/sqlmap/data/txt/user-agents.txt' [15:48:18] [INFO] fetched random HTTP User-Agent header value 'Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8) Gecko/20060130 Ubuntu/1.5.dfsg-4ubuntu6 Firefox/1.5' from file '/usr/share/sqlmap/data/txt/user-agents.txt' [15:48:18] [DEBUG] setting the HTTP/SOCKS proxy for all HTTP requests [15:48:18] [DEBUG] creating HTTP requests opener object [15:48:19] [DEBUG] setting the HTTP Referer header to the target URL [15:48:19] [DEBUG] setting the HTTP Host header to the target URL [15:48:19] [INFO] testing connection to the target URL you have not declared cookie(s), while server wants to set its own ('PHPSESSID=ddfsfn0da56...2e0ovlhvc0'). Do you want to use those [Y/n] [15:48:24] [INFO] testing if the target URL content is stable [15:48:27] [INFO] target URL content is stable [15:48:27] [INFO] testing if GET parameter 'Group' is dynamic [15:48:27] [PAYLOAD] 6623 [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('error: Error') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:28] [WARNING] GET parameter 'Group' does not appear to be dynamic [15:48:28] [PAYLOAD] 3,.),,,))'" [15:48:29] [INFO] heuristic (basic) test shows that GET parameter 'Group' might be injectable (possible DBMS: 'MySQL') [15:48:29] [PAYLOAD] 3'laKvNV<'">rotbmj [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('error: Error') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:30] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_2' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1_1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLSv1' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [DEBUG] SSL connection error occurred for 'PROTOCOL_TLS' ('SSLError: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:727)') [15:48:31] [CRITICAL] can't establish SSL connection

[*] ending @ 15:48:31 /2020-12-20/

bintangadi commented 3 years ago

Screenshot from 2020-12-20 16-03-23

ruleaker commented 1 year ago

bro still not working