Request settings
Request: These options can be used to specify how to connect to the target URL. They let sqlmap send customized requests.
--method=METHOD Force usage of given HTTP method (e.g. PUT)
Methods: GET, HEAD, POST, PUT, DELETE, CONNECT, OPTIONS, TRACE, PATCH
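--data=DATA Data string to be sent through POST. Specifies the POST parameters.
--param-del=PARA.. Character used for splitting parameter values (by default id=1&pass=123). This sets the delimiter between parameters; for example, the command below splits the POST parameters with ";":
python sqlmap.py -u "http://www.target.com/vuln.php" --method=post --data="id=1;pass=123" --param-del=";"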
--cookie=COOKIE HTTP Cookie header value. Specifies the cookie value.
--cookie-del=COO.. Character used for splitting cookie values. Specifies the character that separates cookie values.
--load-cookies=L.. File containing cookies in Netscape/wget format. This appears to read the cookies from a file in Netscape/wget format, such as:
# Netscape HTTP Cookie File
# http://curl.haxx.se/rfc/cookie_spec.html
# This file was generated by EditThisCookie
# URL: https://www.taobao.com/
.taobao.com FALSE / FALSE 1506653985.701691 cc VTcL3FSpdA%3D%3D
.taobao.com FALSE / FALSE l_g Ug%3D%3D
.taobao.com FALSE / FALSE nk *********
.taobao.com FALSE / FALSE tb_token adb108c61f3f
.taobao.com FALSE / FALSE 1694321569.582931 ali_ab 121.14.96.125.1378961569676.2
.taobao.com FALSE / FALSE 1689302468.418356 cna bd83adb108c61f3fd48f12fa
.taobao.com FALSE / FALSE cookie1 BD83ADB108C61F3FD48F12FA7C88A7F5FD01D
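An added example, not from the original notes and not sqlmap's own code: a Python parser for the Netscape cookie-file layout shown above. It keeps session cookies (empty expiry field), recognises curl's #HttpOnly_ prefix, and builds a Cookie header value. The sample data, the example.test domain and the function names are constructed for illustration; real files separate the fields with tabs.

```python
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample (not real cookies). Fields are TAB-separated:
# domain, include-subdomains, path, secure, expiry (epoch), name, value.
SAMPLE = (
    "# Netscape HTTP Cookie File\n"
    ".example.test\tTRUE\t/\tFALSE\t1893456000.701691\tcc\tabc%3D%3D\n"
    ".example.test\tTRUE\t/\tFALSE\t\tl_g\tUg%3D%3D\n"  # empty expiry: session cookie
    "#HttpOnly_.example.test\tTRUE\t/\tTRUE\t1893456000\tsid\tconstructed\n"
    ".example.test\tTRUE\t/\tFALSE\t1000000000\told\tstale\n"
    "line without tabs\n"
)

class Cookie(NamedTuple):
    domain: str
    secure: bool
    expires: Optional[int]  # None means session cookie
    name: str
    value: str
    http_only: bool

def parse_cookie_file(text: str) -> Tuple[List[Cookie], List[int]]:
    """Return (cookies, line numbers that could not be parsed)."""
    cookies, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        # curl marks HttpOnly cookies with this prefix; it is not a comment.
        http_only = line.startswith("#HttpOnly_")
        if http_only:
            line = line[len("#HttpOnly_"):]
        elif not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        try:
            domain, _sub, _path, secure, exp, name, value = fields
            expires = int(float(exp)) if exp.strip() else None
        except ValueError:  # wrong field count or non-numeric expiry
            rejected.append(lineno)
            continue
        cookies.append(Cookie(domain, secure == "TRUE", expires, name, value, http_only))
    return cookies, rejected

def cookie_header(cookies: List[Cookie], now: int, https: bool = False) -> str:
    """Build the Cookie header value from unexpired cookies allowed on this scheme."""
    live = [c for c in cookies
            if (c.expires is None or c.expires > now) and (https or not c.secure)]
    return "; ".join(f"{c.name}={c.value}" for c in live)

if __name__ == "__main__":
    parsed, bad = parse_cookie_file(SAMPLE)
    print(cookie_header(parsed, now=1700000000, https=True), bad)
```

Rejected line numbers are returned rather than silently skipped, so a file whose tabs were converted to spaces when copied is noticed before the cookies are relied on.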
--drop-set-cookie Ignore Set-Cookie header from response. Ignores the Set-Cookie header in the response.
--user-agent=AGENT HTTP User-Agent header value. Specifies the User-Agent. Example values:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/37.0.2062.94 Chrome/37.0.2062.94 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/600.8.9 (KHTML, like Gecko) Version/8.0.8 Safari/600.8.9
Mozilla/5.0 (iPad; CPU OS 8_4_1 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H321 Safari/600.1.4
Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.135 Safari/537.36 Edge/12.10240
Mozilla/5.0 (Windows NT 6.3; WOW64; rv:40.0) Gecko/20100101 Firefox/40.0
Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
--random-agent Use randomly selected HTTP User-Agent header value. Randomly picks one of the User-Agent values shipped in the sqlmap directory.
--host=HOST HTTP Host header value
--referer=REFERER HTTP Referer header value
-H HEADER, --hea.. Extra header (e.g. "X-Forwarded-For: 127.0.0.1"). Specifies a single header, e.g. -H "X-Forwarded-For: 127.0.0.1"
--headers=HEADERS Extra headers (e.g. "Accept-Language: fr\nETag: 123"). This one should allow several headers to be given, separated by \n, e.g. --headers="X-Forwarded-For: 127.0.0.1\nXXX: PPP"
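--auth-type=AUTH.. HTTP authentication type (Basic, Digest, NTLM or PKI). Specifies the HTTP authentication type.
--auth-cred=AUTH.. HTTP authentication credentials (name:password). Specifies the user name and password for HTTP authentication; Apache, for example, can be configured to require authentication for access to a directory.
--auth-file=AUTH.. HTTP authentication PEM cert/private key file. Specifies a private key file to authenticate with.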
--ignore-401 Ignore HTTP Error 401 (Unauthorized)
--proxy=PROXY Use a proxy to connect to the target URL
--proxy-cred=PRO.. Proxy authentication credentials (name:password)
--proxy-file=PRO.. Load proxy list from a file
--ignore-proxy Ignore system default proxy settings
--tor Use Tor anonymity network
--tor-port=TORPORT Set Tor proxy port other than default
--tor-type=TORTYPE Set Tor proxy type (HTTP, SOCKS4 or SOCKS5 (default))
--check-tor Check to see if Tor is used properly
--delay=DELAY Delay in seconds between each HTTP request. Sets the interval between HTTP requests.
--timeout=TIMEOUT Seconds to wait before timeout connection (default 30). Sets the timeout; the default is 30 seconds.
--retries=RETRIES Retries when the connection timeouts (default 3). Sets the number of retries; the default is 3.
--randomize=RPARAM Randomly change value for given parameter(s). Randomly changes the value of the given parameter(s), e.g. sqlmap -u url.com/?id=1 --randomize=id
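--safe-url=SAFEURL URL address to visit frequently during testing. Some web applications block all of your later requests once you have sent several failing requests. This option supplies a safe URL that does not produce errors, and sqlmap visits it at regular intervals.
--safe-post=SAFE.. POST data to send to a safe URL. Sets valid POST data for the safe URL.
--safe-req=SAFER.. Load safe HTTP request from a file. Reads the safe (that is, valid) HTTP request from a file.
--safe-freq=SAFE.. Test requests between two visits to a given safe URL. Sets the interval between visits to the safe URL (counted in test requests).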
--skip-urlencode Skip URL encoding of payload data. The payload is not URL-encoded.
--csrf-token=CSR.. Parameter used to hold anti-CSRF token
--csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
--force-ssl Force usage of SSL/HTTPS
--hpp Use HTTP parameter pollution method. Parameter pollution, e.g. ?id=cmd&id=aa
--eval=EVALCODE Evaluate provided Python code before the request (e.g. "import hashlib;id2=hashlib.md5(id).hexdigest()"). This Python code is run before each request is sent, for example to process one of the parameters. In the command below, the hash parameter is the MD5 of id:
python sqlmap.py -u "http://www.target.com/vuln.php?id=1&hash=c4ca4238a0b923820dcc509a6f75849b" --eval="import hashlib;hash=hashlib.md5(id).hexdigest()"