🌚Advanced SQLMap
Bypassing Web Application Protections
Anti-CSRF Token Bypass
The option to do this is --csrf-token. By specifying the token parameter name (which should already be available within the provided request data), SQLMap will automatically attempt to parse the target response content and search for fresh token values so it can use them in the next request.
Unique Value Bypass
In some cases, the web application may only require unique values to be provided inside predefined parameters.
For this, the option --randomize should be used, pointing to the parameter name containing a value which should be randomized before being sent.
IP Address Concealing
In case we want to conceal our IP address, or if a certain web application has a protection mechanism that blacklists our current IP address, we can try to use a proxy or the anonymity network Tor. A proxy can be set with the option --proxy (e.g. --proxy="socks4://177.39.187.70:33283"), where we should add a working proxy.
Tamper Scripts
Tamper scripts are used for bypassing WAF/IPS solutions. The between script, for example, works by replacing all occurrences of the greater than operator (>) with NOT BETWEEN 0 AND #, and the equals operator (=) with BETWEEN # AND #. This way, many primitive protection mechanisms (focused mostly on preventing XSS attacks) are easily bypassed.
Tamper scripts are selected with the --tamper option (e.g. --tamper=between,randomcase).
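A defender's view of the two tamper scripts named above, as an added example that is not part of the original page or of SQLMap: the sketch flags the between rewrites and randomcase keyword casing in URL-encoded query strings taken from access logs. The function names, indicator labels and sample queries are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Keywords checked for irregular casing (the effect of --tamper=randomcase).
SQL_KEYWORDS = {"select", "union", "from", "where", "and", "or", "between", "not"}
# "A = B" becomes "A BETWEEN B AND B": both bounds are identical.
EQ_REWRITE = re.compile(r"\bBETWEEN\s+(\S+)\s+AND\s+(\S+)", re.I)
# "A > B" becomes "A NOT BETWEEN 0 AND B".
GT_REWRITE = re.compile(r"\bNOT\s+BETWEEN\s+0\s+AND\s+\S+", re.I)
WORD = re.compile(r"[A-Za-z]+")

# Constructed sample query strings (not taken from the page).
SAMPLE_QUERIES = [
    "id=1+AND+2+BETWEEN+2+AND+2",
    "id=1+aNd+5+nOt+BeTwEeN+0+aNd+3",
    "q=price+between+10+and+20&sort=asc",
]


def mixed_case_keywords(text):
    """Return SQL keywords written in irregular case, e.g. 'SeLeCt'."""
    hits = []
    for word in WORD.findall(text):
        regular = word in (word.lower(), word.upper(), word.capitalize())
        if word.lower() in SQL_KEYWORDS and not regular:
            hits.append(word)
    return hits


def tamper_indicators(raw_query):
    """Return the set of tamper indicators found in one raw query string."""
    text = unquote_plus(raw_query)  # inspect the decoded form, as the database would see it
    found = set()
    if GT_REWRITE.search(text):
        found.add("between:gt")
    for low, high in EQ_REWRITE.findall(text):
        if low == high:  # a range with equal bounds is an equality test in disguise
            found.add("between:eq")
    if mixed_case_keywords(text):
        found.add("randomcase")
    return found


if __name__ == "__main__":
    for query in SAMPLE_QUERIES:
        print(query, "->", sorted(tamper_indicators(query)))
```

The third sample is an ordinary range filter and produces no indicators, which is why the equality check compares the two bounds instead of matching on the BETWEEN keyword alone.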
What's the contents of table flag8? (Case #8)
What's the contents of table flag9? (Case #9)
What's the contents of table flag10? (Case #10)
What's the contents of table flag11? (Case #11)