When we use sqlmap, it does everything automatically for finding sql injection of a website. I'm interested in that I send malicious queries directly in my browser and get the results in it, but when I couldn't find anything, I use sqlmap for finding malicious queries. I use the payload that sqlmap gives me and enter it in the vulnerable field of the website in my browser. I want to get all databases of the website in my browser, but I cannot get them. Although sqlmap uses the payload and gives me all databases of the website. Now my question is how to use sqlmap payload in browser manually?
So this is the problem,I have a simple way to sound.
1.you must have burpsuite tools
2.Monitor local 8080 or any port you specify by burpsuite.
3. use the --proxy parameter U of sqlmap. It looks like this.
sqlmap.py -u "URL" --proxy http://127.0.0.1:8080
4.you can get all http requests,then you can test it in your browers
good luck to you!
Related
the box appears in below snapshot is neither alert box,prompt box nor confirm box. then what is this? how can i create the same thing like this?
It's a BasicAuth prompt, if your server return a request for BasicAuth it will get handled by the browser.
It happens when the browser receives a response with a header that looks like this, "insert realm" can be almost anything:
WWW-Authenticate: Basic realm="insert realm"
Usually the web browser handles it by itself and shows that kind of prompt. By the way it's unrelated to the web server as it's part of the protocole. If you happen to run an application server, you'll have to send the header above in a response and expect an Authorization header back from the "web client".
If you run apache, nginx, you can check simply for BasicAuth and you should be able to find documentation on how to set it up.
Read more here: BasicAuth
If you have enough courage you can read the RFCs
This is a simple HTTP Authentification, like the one you can setup with a ".htpasswd" file on Apache and so on.
You can't do it with Javascript (it's on server-side), in PHP it would be like this
So I am using http://apikitchen.com/ to debug an issue I am having with a drupal service.
I use: http://vmstage.dop.com/mobile/user/login.json as the URL to test. Method is POST and add two parameters:
username
password
Set the username and password as whatever you like. It will return 401 Unauthorized: Wrong username or password. which is what you should get since you don't know the username or password
I saw they had a mac osx version of this and when I run the exact same thing in their desktop program I get a 406 - Not acceptable.
The reason I am testing in this is because an iPhone app I am working relies on the drupal services to login and I am getting the same thing running through the iPhone emulator.
Back to the API kitchen thing, it works through the browser, but not through their desktop program..makes me think it has something to do with content-type or port. What do you guys think?
I am the author of APIKitchen. I don't think there are any differences between the web and desktop version but if you can provide a sample url with parameters I can quickly look into it.
Generally a 406 error is used to indicate that a request is malformed in some manner. I am not familiar with the tools you are using, but I think you are on the right track in looking for things that might be different between the different requests. You should look at the header differences (including content type). Also, maybe there are some JSON encoding differences between the two different platforms that the API doesn't like.
I have a simple RESTful web service and I wish to test the PUT method on a certain resource. I would like to do it in the most simple way using as few additional tools as possible.
For instance, testing the GET method of a resource is the peak of simplicity - just going to the resource URL in the browser. I understand that it is impossible to reach the same level of simplicity when testing a PUT method.
The following two assumptions should ease the task:
The request body is a json string prepared beforehand. Meaning, whatever is the solution to my problem it does not have to compose a json string from the user input - the user input is the final json string.
The REST engine I use (OpenRasta) understands certain URL decorators, which tell it what is the desired HTTP method. Hence I can issue a POST request, which would be treated as a PUT request inside the REST engine. This means, regular html form can be used to test the PUT action.
However, I wish the user to be able to enter the URL of the resource to be PUT to, which makes the task more complicated, but eases the testing.
Thanks to all the good samaritans out there in advance.
P.S.
I have neither PHP nor PERL installed, but I do have python. However, staying within the realm of javascript seems to be the simplest approach, if possible. My OS is Windows, if that matters.
I'd suggest using the Poster add-on for Firefox. You can find it over here.
As well as providing a means to inspect HTTP requests coming from desktop and web applications, Fiddler allows you to create arbitrary HTTP requests (as well as resend ones that were previously sent by an application).
It is browser-agnostic.
I use the RESTClient firefox plugin (you can not use an URL for the message body but at least you can save your request) but also would recommend curl on the command line.
Maybe you should also have a look at this SO question.
I would like to know how can I hit a web page programmatically and silently using C/C++?
I tried ShellExecute (shellapi.h), don't know how to make use of it?
Use the HTTP protocol directly
netcat
curl
wget
HTTP Client Services
On linuxen there are perl implemented CLI commands (GET, PUT, POST), in short: pick one from a vast array; you platform will have tools too.
Simplistic example:
type request.http | netcat mywebserver:80
Where request.http could be as simple as
GET /
(mind the trailing empty lines, which SO helpfully hides)
I'm no expert on web development, and need to find a way to let the browser call a PHP routine on the server with the current document ID as parameter, eg.
http://www.acme.com/index.php?id=1
I then need to call eg. /change.php with id=1 to do something about that document.
Unless I'm mistaken, there are three ways for the client to return this information:
if passed as argument in the URL (as above), it will be available as HTTP referrer
by including it as hidden field in
by sending it as cookie
I suppose using a hidden field is the most obvious choice. Are there other ways? Which solution would you recommend? Any security issues to be aware?
Thank you.
You can also POST the data so it won't be seen in the URL with ’form method = "post" ’
All of these methods are, to a point, insecure as they can be manipulated by a savvy user/hacker. You could https your site, limiting any man in then middle attacks. Be sure to check and validate incoming data
Ajax is another option as well, and it allows you to send that information without refreshing the page.
http://www.acme.com/index.php?id=1
The above url would be more "browser friendly" if you transform it into something similar to this:
http://www.acme.com/index/page/1
I am sure you can achieve this in Apache. Or Java Servlets.