Comments (7)
Hmm, I will look into it. The sqlmap API server might be encoding the data and then passing it on to sqlmap that way. I don't believe SQLiPy is encoding anything.
from sqlipy.
@riramar I've fixed this issue (not related to sqlmap's #2568) here with latest commit (sqlmapproject/sqlmap@7dbbf3e)
from sqlipy.
This issue isn't quite clear to me. Does this only occur when using sqlipy? Are you saying that sqlipy encodes the values that it sends to the sqlmapapi server? I don't develop sqlmap itself, just the integration between Burp and sqlmap, so I can only fix issues related directly to sqlipy.
from sqlipy.
I'm not sure exactly which component is performing the URL encoding.
I'm assuming this workflow:
Burp > sqlipy > sqlmapapi > MyProxy > target
Looking at the requests on MyProxy, I can see the request JSON payload with the special chars URL encoded.
If I do exactly the same scan but from the command line:
Shell > sqlmap > MyProxy > target
From MyProxy in this case the URL encoding is not performed.
from sqlipy.
One more comment: in the workflow below, without any injection point (* or %INJECT HERE%), the URL encoding is not performed.
Burp > sqlipy > sqlmapapi > MyProxy > target
from sqlipy.
I've opened an issue on sqlmap's GitHub and it seems to be fixed now. :)
from sqlipy.
Thanks a lot @stamparm !!!
from sqlipy.