Comments (6)
In case logs are needed, here they are:
`Calling: C:\Python27\python.exe C:\Users\Administrator\Desktop\sqlmap\sqlmapapi.py -s -H 127.0.0.1 -p 9090
SQLMap API started.
[02:09:30] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
[02:09:30] [DEBUG] REST-JSON API server connected to IPC database
[02:09:30] [DEBUG] Using adapter 'wsgiref' to run bottle
[02:09:34] [WARNING] [0] Invalid task ID provided to scan_status()
SQLMap Command: sqlmap.py -u "http://******/PetBuyBookUserPhotos.aspx?user_id=1" --delay=0 --timeout=30 --retries=0 --level=3 --risk=1 --threads=1 --time-sec=5 -b --dbs --batch --answers="crack=N,dict=N,continue=Y,quit=N"
Created SQLMap Task: 333f5cd2e7271468
SQLMap options set on Task 333f5cd2e7271468: {"authCred": null, "referer": null, "tamper": null, "getCurrentUser": false, "agent": null, "data": null, "answers": "crack=N,dict=N,continue=Y,quit=N", "dbms": null, "timeout": 30, "getPasswordHashes": false, "torPort": null, "getHostname": false, "textOnly": false, "getUsers": false, "tor": false, "csrfUrl": null, "skipHeuristics": null, "torType": "HTTP", "proxyFreq": null, "authType": null, "testParameter": null, "getRoles": false, "headers": null, "method": null, "cookie": null, "os": null, "isDba": false, "level": 3, "threads": 1, "hpp": false, "timeSec": 5, "ignoreCode": null, "url": "http://*******/PetBuyBookUserPhotos.aspx?user_id=1", "proxy": null, "retries": 3, "csrfToken": null, "delay": 0, "liveCookies": null, "getDbs": true, "risk": 1, "getPrivileges": false, "getCurrentDb": false, "getBanner": "true"}
SQLMap options returned: {"success": true, "options": {"beep": false, "tamper": null, "getCurrentUser": false, "dnsDomain": null, "bulkFile": null, "googlePage": 1, "api": true, "authFile": null, "safeUrl": null, "taskid": "333f5cd2e7271468", "getRoles": false, "fileDest": null, "rParam": null, "profile": false, "requestFile": null, "proxy": null, "retries": 3, "delay": 0, "sqlFile": null, "authCred": null, "paramFilter": null, "hexConvert": false, "freshQueries": false, "offline": false, "torPort": null, "csrfRetries": 0, "search": false, "getHostname": false, "textOnly": false, "notString": null, "configFile": null, "authType": null, "dumpFormat": "CSV", "outputDir": null, "keepAlive": false, "flushSession": false, "disableColoring": true, "hpp": false, "parseErrors": false, "getSchema": false, "limitStart": null, "wizard": false, "getPrivileges": false, "predictOutput": false, "cookieDel": null, "db": null, "osShell": false, "agent": null, "testFilter": null, "safeFreq": null, "dbms": null, "regDel": false, "proxyFile": null, "getPasswordHashes": false, "osPwn": false, "extensiveFp": false, "testSkip": null, "osSmb": false, "skipHeuristics": null, "forceSSL": false, "getComments": false, "exclude": null, "dbmsCred": null, "randomAgent": false, "dumpTable": false, "batch": true, "ignoreCode": null, "crawlDepth": null, "encoding": null, "commonFiles": false, "unstable": false, "checkTor": false, "logFile": null, "webRoot": null, "listTampers": false, "harFile": null, "string": null, "dumpAll": false, "purge": false, "secondReq": null, "timeout": 30, "paramExclude": null, "ignoreTimeouts": false, "excludeSysDbs": false, "alert": null, "scope": null, "fileWrite": null, "headers": null, "osCmd": null, "mobile": false, "chunked": false, "safePost": null, "titles": false, "commonColumns": false, "safeReqFile": null, "csrfMethod": null, "regData": null, "nullConnection": false, "regRead": false, "loadCookies": null, "risk": 1, "prefix": null, "privEsc": false, 
"answers": "crack=N,dict=N,continue=Y,quit=N", "base64Parameter": null, "dummy": false, "crawlExclude": null, "fileRead": null, "getUsers": false, "torType": "HTTP", "getCount": false, "smokeTest": false, "secondUrl": null, "skipWaf": false, "murphyRate": null, "method": null, "cookie": null, "sqlQuery": null, "evalCode": null, "regAdd": false, "uFrom": null, "skipStatic": false, "dependencies": false, "saveConfig": null, "charset": null, "regexp": null, "proxyCred": null, "direct": null, "skip": null, "base64Safe": false, "smart": false, "invalidBignum": false, "noCast": false, "tor": false, "invalidString": false, "ignoreProxy": false, "regType": null, "csvDel": ",", "testParameter": null, "trafficFile": null, "invalidLogical": false, "osBof": false, "pivotColumn": null, "regKey": null, "url": "http://**********/PetBuyBookUserPhotos.aspx?user_id=1", "verbose": 1, "shLib": null, "noEscape": false, "tmpPath": null, "commonTables": false, "col": null, "referer": null, "skipUrlEncode": false, "data": null, "checkInternet": false, "forceDns": false, "suffix": null, "sessionFile": null, "preprocess": null, "resultsFile": null, "eta": false, "optimize": false, "dumpWhere": null, "csrfUrl": null, "host": null, "uCols": null, "proxyFreq": null, "disablePrecon": false, "dropSetCookie": false, "level": 3, "limitStop": null, "googleDork": null, "regVal": null, "csrfToken": null, "getStatements": false, "cleanup": false, "getCurrentDb": false, "tbl": null, "firstChar": null, "repair": false, "msfPath": null, "code": null, "updateAll": false, "technique": "BEUSTQ", "getColumns": false, "tmpDir": null, "database": "c:\users\admini~1\appdata\local\temp\2\sqlmapipc-3qnzyn", "getTables": false, "ignoreRedirects": false, "binaryFields": null, "sqlShell": false, "udfInject": false, "getAll": false, "os": null, "isDba": false, "threads": 1, "timeSec": 5, "paramDel": null, "liveCookies": null, "postprocess": null, "getDbs": true, "lastChar": null, "uChar": null, "user": null, "forms": 
false, "getBanner": "true"}}
Failed to start SQLMap Scan for Task: 333f5cd2e7271468
[02:10:01] [DEBUG] Created new task: '333f5cd2e7271468'
[02:10:01] [DEBUG] (333f5cd2e7271468) Requested to set options
[02:10:01] [DEBUG] (333f5cd2e7271468) Listed task options
[02:10:01] [DEBUG] (333f5cd2e7271468) Started scan`
Actual links were replaced with asterisks for security reasons.
from sqlipy.
What version of sqlipy are you using? Has it worked before for you (previous versions of the tool or on previous versions of Burp)?
It's not showing up because, as noted, it believes that the scan failed to start. Based on the output, it is successfully creating the task and setting the options for the task, but when it attempts to run/start the task sqlmapapi either doesn't respond in time or doesn't respond with success = true (roughly line 1538). It appears as though it eventually does start though based on sqlmap debug logs. Does your system have high utilization when this happens?
Does sqlipy work on any other sites or pages? You should actually see two python processes, as one will be for sqlmapapi and one will be for the scan - do you see two after the scan is started?
from sqlipy.
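The mismatch described above (the extension reports a failed start while the sqlmapapi debug log shows the scan started) can be checked mechanically. This is an added example, not code from SQLiPy or sqlmap; the sample lines are abridged from the log in this thread, the task `ffffffffffffffff` is constructed for contrast, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines abridged from the log in this thread (option dumps omitted).
# Task ffffffffffffffff is constructed to show the contrasting case.
SAMPLE_LOG = """\
Created SQLMap Task: 333f5cd2e7271468
Failed to start SQLMap Scan for Task: 333f5cd2e7271468
[02:10:01] [DEBUG] Created new task: '333f5cd2e7271468'
[02:10:01] [DEBUG] (333f5cd2e7271468) Requested to set options
[02:10:01] [DEBUG] (333f5cd2e7271468) Started scan
Created SQLMap Task: ffffffffffffffff
Failed to start SQLMap Scan for Task: ffffffffffffffff
[02:11:09] [DEBUG] Created new task: 'ffffffffffffffff'
[02:11:09] [DEBUG] (ffffffffffffffff) Requested to set options
"""

TASK = r"([0-9a-f]{16})"
# sqlmapapi debug prefix; the leading "[" is optional because pasted
# copies of the log sometimes lose it.
TS = r"^\[?\d\d:\d\d:\d\d\] \[DEBUG\] "
PATTERNS = {
    # Printed by the Burp extension (client side).
    "client_failed": re.compile(r"^Failed to start SQLMap Scan for Task: " + TASK),
    # Printed by sqlmapapi (server side).
    "api_created": re.compile(TS + r"Created new task: '" + TASK + "'"),
    "api_started": re.compile(TS + r"\(" + TASK + r"\) Started scan"),
}

def collect_events(log_text):
    """Return {task_id: set of event names seen for that task}."""
    events = defaultdict(set)
    for line in log_text.splitlines():
        for name, pattern in PATTERNS.items():
            match = pattern.match(line.strip())
            if match:
                events[match.group(1)].add(name)
    return dict(events)

def diagnose(log_text):
    """Compare the client's view of each task with the API's view."""
    verdicts = {}
    for task_id, seen in collect_events(log_text).items():
        if "client_failed" in seen and "api_started" in seen:
            verdicts[task_id] = "scan running, client start check failed"
        elif "client_failed" in seen:
            verdicts[task_id] = "scan not started by API"
        else:
            verdicts[task_id] = "no failure reported"
    return verdicts

if __name__ == "__main__":
    for task_id, verdict in sorted(diagnose(SAMPLE_LOG).items()):
        print(task_id, "->", verdict)
```

A verdict of "scan running, client start check failed" points at the extension's handling of the start response rather than at sqlmapapi itself.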
What version of sqlmap are you using? Have you tried using the version bundled with the extension?
You are using a non-bundled version, and in the past updates to sqlmap aren't always reflected in the API and break things. I recommend attempting a scan using the version included with the extension.
from sqlipy.
- I'm using sqlipy v0.8.2
- This is my first time trying to run the extension, I never tried previous versions of the tool with any version of Burp.
- The system is almost at 1% utilization during testing the tool (running nothing but Burp).
- Yes, a new Python process appears right after I start the scan, and it stays there, until I manually end the process, or wait for it to automatically close after a while.
- I tried both sqlmap versions, the bundled version, and another version that I have downloaded from the official website.
- I have tried different targets, but still the same.
- I copied the same sqlmap command generated by the tool, pasted it manually into sqlmap and it normally started testing.
This is a log for a new test I performed just now (target links removed by me):
SQLiPy - 0.8.2
Burp interface to SQLMap via the SQLMap API
[email protected]
Could not find python path in registry at: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Python\PythonCore\2.7\InstallPath.
Could not find python path in registry at: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Python\PythonCore\3.x\InstallPath\ExecutablePath.
Python found in system path at: C:\Python27\python.exe
SQLMap API found at: C:\Users\Administrator\AppData\Roaming\BurpSuite\bapps\f154175126a04bfe8edc6056f340f52e\sqlmap\sqlmapapi.py
Calling: C:\Python27\python.exe C:\Users\Administrator\AppData\Roaming\BurpSuite\bapps\f154175126a04bfe8edc6056f340f52e\sqlmap\sqlmapapi.py -s -H 127.0.0.1 -p 9090
SQLMap API started.
[22:14:43] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
[22:14:43] [DEBUG] REST-JSON API server connected to IPC database
[22:14:43] [DEBUG] Using adapter 'wsgiref' to run bottle
[22:14:47] [WARNING] [0] Invalid task ID provided to scan_status()
SQLMap Command: sqlmap.py -u "http://*******/update_pro_properties_basket.asp?basket_id=42623&pro_id=646&pro_name=m-460_15/0_5g&req_qn=" --delay=0 --timeout=30 --retries=0 --level=3 --risk=1 --threads=1 --time-sec=5 -b --dbs --batch --answers="crack=N,dict=N,continue=Y,quit=N"
Created SQLMap Task: 0c400adf687c52b9
SQLMap options set on Task 0c400adf687c52b9: {"authCred": null, "referer": null, "tamper": null, "getCurrentUser": false, "agent": null, "data": null, "answers": "crack=N,dict=N,continue=Y,quit=N", "dbms": null, "timeout": 30, "getPasswordHashes": false, "torPort": null, "getHostname": false, "textOnly": false, "getUsers": false, "tor": false, "csrfUrl": null, "skipHeuristics": null, "torType": "HTTP", "proxyFreq": null, "authType": null, "testParameter": null, "getRoles": false, "headers": null, "method": null, "cookie": null, "os": null, "isDba": false, "level": 3, "threads": 1, "hpp": false, "timeSec": 5, "ignoreCode": null, "url": "http://********/update_pro_properties_basket.asp?basket_id=42623&pro_id=646&pro_name=m-460_15/0_5g&req_qn=", "proxy": null, "retries": 3, "csrfToken": null, "delay": 0, "liveCookies": null, "getDbs": true, "risk": 1, "getPrivileges": false, "getCurrentDb": false, "getBanner": "true"}
SQLMap options returned: {"success": true, "options": {"beep": false, "tamper": null, "getCurrentUser": false, "dnsDomain": null, "bulkFile": null, "googlePage": 1, "api": true, "authFile": null, "safeUrl": null, "taskid": "0c400adf687c52b9", "getRoles": false, "fileDest": null, "rParam": null, "profile": false, "requestFile": null, "proxy": null, "retries": 3, "delay": 0, "sqlFile": null, "authCred": null, "paramFilter": null, "hexConvert": false, "freshQueries": false, "offline": false, "torPort": null, "csrfRetries": 0, "search": false, "getHostname": false, "textOnly": false, "notString": null, "configFile": null, "authType": null, "dumpFormat": "CSV", "outputDir": null, "keepAlive": false, "flushSession": false, "disableColoring": true, "hpp": false, "parseErrors": false, "getSchema": false, "limitStart": null, "wizard": false, "getPrivileges": false, "predictOutput": false, "cookieDel": null, "db": null, "osShell": false, "agent": null, "testFilter": null, "safeFreq": null, "dbms": null, "regDel": false, "proxyFile": null, "getPasswordHashes": false, "osPwn": false, "extensiveFp": false, "testSkip": null, "osSmb": false, "skipHeuristics": null, "forceSSL": false, "getComments": false, "exclude": null, "dbmsCred": null, "randomAgent": false, "dumpTable": false, "batch": true, "ignoreCode": null, "crawlDepth": null, "encoding": null, "commonFiles": false, "unstable": false, "checkTor": false, "logFile": null, "webRoot": null, "listTampers": false, "harFile": null, "string": null, "dumpAll": false, "purge": false, "secondReq": null, "timeout": 30, "paramExclude": null, "ignoreTimeouts": false, "excludeSysDbs": false, "alert": null, "scope": null, "fileWrite": null, "headers": null, "osCmd": null, "mobile": false, "chunked": false, "safePost": null, "titles": false, "commonColumns": false, "safeReqFile": null, "csrfMethod": null, "regData": null, "nullConnection": false, "regRead": false, "loadCookies": null, "risk": 1, "prefix": null, "privEsc": false, 
"answers": "crack=N,dict=N,continue=Y,quit=N", "base64Parameter": null, "dummy": false, "crawlExclude": null, "fileRead": null, "getUsers": false, "torType": "HTTP", "getCount": false, "smokeTest": false, "secondUrl": null, "skipWaf": false, "murphyRate": null, "method": null, "cookie": null, "sqlQuery": null, "evalCode": null, "regAdd": false, "uFrom": null, "skipStatic": false, "dependencies": false, "saveConfig": null, "charset": null, "regexp": null, "proxyCred": null, "direct": null, "skip": null, "base64Safe": false, "smart": false, "invalidBignum": false, "noCast": false, "tor": false, "invalidString": false, "ignoreProxy": false, "regType": null, "csvDel": ",", "testParameter": null, "trafficFile": null, "invalidLogical": false, "osBof": false, "pivotColumn": null, "regKey": null, "url": "http://*******/update_pro_properties_basket.asp?basket_id=42623&pro_id=646&pro_name=m-460_15/0_5g&req_qn=", "verbose": 1, "shLib": null, "noEscape": false, "tmpPath": null, "commonTables": false, "col": null, "referer": null, "skipUrlEncode": false, "data": null, "checkInternet": false, "forceDns": false, "suffix": null, "sessionFile": null, "preprocess": null, "resultsFile": null, "eta": false, "optimize": false, "dumpWhere": null, "csrfUrl": null, "host": null, "uCols": null, "proxyFreq": null, "disablePrecon": false, "dropSetCookie": false, "level": 3, "limitStop": null, "googleDork": null, "regVal": null, "csrfToken": null, "getStatements": false, "cleanup": false, "getCurrentDb": false, "tbl": null, "firstChar": null, "repair": false, "msfPath": null, "code": null, "updateAll": false, "technique": "BEUSTQ", "getColumns": false, "tmpDir": null, "database": "c:\users\admini~1\appdata\local\temp\2\sqlmapipc-p3u_ez", "getTables": false, "ignoreRedirects": false, "binaryFields": null, "sqlShell": false, "udfInject": false, "getAll": false, "os": null, "isDba": false, "threads": 1, "timeSec": 5, "paramDel": null, "liveCookies": null, "postprocess": null, "getDbs": true, 
"lastChar": null, "uChar": null, "user": null, "forms": false, "getBanner": "true"}}
Failed to start SQLMap Scan for Task: 0c400adf687c52b9
[22:18:16] [DEBUG] Created new task: '0c400adf687c52b9'
[22:18:16] [DEBUG] (0c400adf687c52b9) Requested to set options
[22:18:16] [DEBUG] (0c400adf687c52b9) Listed task options
[22:18:16] [DEBUG] (0c400adf687c52b9) Started scan
And here are some screenshots attached, just in case:
I hope that helps.
from sqlipy.
I have the same version of Burp, the extension, and jython installed and cannot replicate this issue. The only difference is that I am using Java 11.
Can you add a few lines of code to the extension on your system to troubleshoot? First, at the top, please add:
import traceback
Next, there is a try block that attempts to start a scan beginning around line #1533, that has a print statement around line #1548. Can you comment out that line and add:
print 'SQLmap start response was: ' + str(resp) + '\n'
Then, in the 'except' block just below, comment out the print statement and replace with:
print traceback.format_exc()
My assumption is that for some reason the check is failing completely and hitting that exception. Why, I don't know, but the exception should give me the details I need.
from sqlipy.
Closing as no extra details were provided.
from sqlipy.