sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

Skip testing connection to the target URL. #5786

Closed 04Shivam closed 2 months ago

04Shivam commented 2 months ago

Is your feature request related to a problem? Please describe.

The website I am testing is not reachable, but I found a POST endpoint that is vulnerable to SQL injection. I crafted a request using Burp Suite and used it in SQLMap. However, since SQLMap tests whether the target is reachable, and it is not, it gets stuck at 'testing connection to the target URL,' which eventually results in a 'connection reset to the target URL.'

Describe the solution you'd like

I want a feature which enables us to skip the testing for connection to target URL.

stamparm commented 2 months ago

sorry, but this doesn't make any sense. sqlmap is trying to resolve the domain name (via DNS) and tries to send one HTTP request to the site in that "reachability" phase. I can't imagine a scenario where those two could fail and the site would eventually really work

p.s. in that HTTP request, it is using a proper HTTP method (in your case POST), so there is no reason for this to fail from your story

04Shivam commented 2 months ago

Is there any way to share screenshots with you personally? I don't want anything related to the site I am testing to appear on the internet.

stamparm commented 2 months ago

there is, but I tend to be a total jerk if people contact me privately, being absolutely confident about their issue, while I find that something trivial was behind it. when you'll be 101% confident you can contact me via miroslav@sqlmap.org

04Shivam commented 2 months ago

I noticed one thing: when I visit the target domain through its DNS-resolved IP address, I receive a connection reset error in my browser. However, if I visit through the domain name, I can see the webpage. Could this be the reason SQLMap is giving me a connection reset error?

stamparm commented 2 months ago

sqlmap is not trying to connect directly to the IP address resolved through the DNS. it just tries to do the DNS lookup, then uses the domain name to connect to the other side

my guess is that something is blocking your requests
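
The two-step check described in the thread above (a DNS lookup, then one HTTP request addressed by domain name with the request's own method), reproduced as an added Python example for diagnosing which step fails. It is not sqlmap's code and not part of the thread; `check_reachability` and its phase labels are names assumed here.

```python
import socket
import urllib.error
import urllib.parse
import urllib.request

# Peer-dropped connections; http.client.RemoteDisconnected is a ConnectionResetError.
RESET = (ConnectionResetError, BrokenPipeError)


def check_reachability(url, data=None, timeout=10):
    """Return (phase, detail); phase is 'ok', 'dns', 'reset' or 'connect'."""
    host = urllib.parse.urlsplit(url).hostname
    # Phase 1: DNS lookup only. The address is reported, not connected to.
    try:
        addrs = sorted({ai[4][0] for ai in socket.getaddrinfo(host, None)})
    except socket.gaierror as exc:
        return "dns", "cannot resolve %s: %s" % (host, exc)
    # Phase 2: one request addressed by name; POST when a body is supplied.
    # Proxy environment variables are ignored so the path tested is direct.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    request = urllib.request.Request(url, data=data)
    try:
        with opener.open(request, timeout=timeout) as resp:
            return "ok", "HTTP %d from %s (%s)" % (resp.status, host, ", ".join(addrs))
    except urllib.error.HTTPError as exc:
        # An error status still proves the server is reachable.
        return "ok", "HTTP %d from %s" % (exc.code, host)
    except urllib.error.URLError as exc:
        phase = "reset" if isinstance(exc.reason, RESET) else "connect"
        return phase, str(exc.reason)
    except RESET as exc:
        # Raised unwrapped when the peer drops the connection mid-response.
        return "reset", str(exc) or type(exc).__name__
    except OSError as exc:  # timeouts and other socket errors while reading
        return "connect", str(exc)


if __name__ == "__main__":
    import sys
    body = sys.argv[2].encode() if len(sys.argv) > 2 else None
    print(check_reachability(sys.argv[1], data=body))
```

A `reset` result with a name that resolves points at something on the network path dropping the request rather than at DNS.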