Comments (21)
You are trying to run a proxy on the same port as you are running sqlmapapi. That won't work, you can't have Burp listen on the same ports as sqlmapapi - you don't need a proxy listenting on port 9090 for the API to run.
from sqlipy.
Hello,
thank you for the fast reply. I made the following change:
And the log gives me this message:
Calling: C:\Python27\python.exe C:\Users\bruno\AppData\Roaming\BurpSuite\bapps\f154175126a04bfe8edc6056f340f52e\sqlmap\sqlmapapi.py -s -H 127.0.0.1 -p 9090
Failed to start the SQLMap API
15:35:43] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
15:35:43] [DEBUG] REST-JSON API server connected to IPC database
15:35:43] [DEBUG] Using adapter 'wsgiref' to run bottle
The default configuration looks like that:
As you can see I still haven't manage to start it.
Kind regards,
Bruno
from sqlipy.
interestingly it actually looks like it really is running since the logs show it starting up. have you run netstat to see if anything is listening on port 9090? the checks to validate whether it is running might be happening faster than it starts up making the extension think it hasn't started.
I would also just try running the above from the command line to see what errors you get. If it isn't starting, that sounds like a sqlmapapi issue, which I don't develop.
from sqlipy.
Port 9090 is available and there is nothing running on it. I tried to run the extension with another port also.
From the command line I get the following:
[17:20:21] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
[17:20:21] [INFO] Admin (secret) token: ************************************************************
[17:20:21] [DEBUG] IPC database: 'c:\users\bruno\appdata\local\temp\sqlmapipc-dj5kye'
[17:20:21] [DEBUG] REST-JSON API server connected to IPC database
[17:20:21] [DEBUG] Using adapter 'wsgiref' to run bottle
from sqlipy.
FYI, you can still use the extension without starting the API from within the extension. It looks like starting from the command line works, so you would just manually set the SQLMap API IP (in the "SQLMap Scanner" tab) to 127.0.0.1 and the port to the right port and you can send requests to the API, retrieve the logs, stop scans, and any successful results will show up in the issues tab.
Unfortunately, I don't have enough in the above to know what is going wrong. The logs indicate that it is starting the API but that the test to validate startup occurs to quickly. The API works from the command line. I cannot replicate this issue.
What version of Python 2.7 is installed? What OS are you running on? What version of Burp?
from sqlipy.
Hi, thanks for the reply.
Python: 2.7 and 3.8
Os: Windows 11 and WSL Ubuntu
Burp: Professional v2022.8.5
from sqlipy.
I don't have Windows 11, but I am using Python 2.7.18, with Burp Pro v2022.8.5, and starting it from Windows 10 using those versions works fine. I can't reproduce this error (note that I have tested with 3.10.1 and at least that 3.x branch of Python does not work with the version of sqlmapapi bundled with the extension - I need to update the bundle).
from sqlipy.
What version of Java are you using? Unfortunately, the extension was written in Python so it relies on Jython. Last I checked, Jython requires Java 1.7 or 1.8 (not the newer releases of Java).
from sqlipy.
Sorry for the late reply.
Java 1.8.
On burp it did not work, but I was able to use it with the terminal.
from sqlipy.
Actually, it does appear to work with newer versions. I had a VM that I didn't realize was using jdk-11.0.7 and it works on that version. I don't think that is the issue, as in the past it worked fine on 1.8, but I can't be sure.
In any case, I can't seem to replicate this issue on my host. Does anything get printed in the "Errors" tab (in Burp's Extender tab, click on the extension after trying to start the API and then click on the "Errors" tab below instead of "Output").
If you open the extension for editing and add "import traceback" at the top of the extension and then add:
print(traceback.format_exc())
Above each line where it says: print 'Failed to start the SQLMap API\n'
That might help me resolve the issue. You would need to unload and then reload the extension, and then try to start the API again.
from sqlipy.
Using the latest Burp Suite Professional Stable version on Windows 11 with Python 3.10.7.
Clicking Start API button does not work and nothing is printed in logs.
It starts the sqlmapapi.py briefly and the REST-service is accessible with a web browser for 2 seconds but all fails after that.
Running the sqlmapapi.py manually in terminal works just fine. Connecting to it directly via SQLMap Scanner tab does nothing.
from sqlipy.
The connecting directly is curious as the extension doesn't require that sqlmapapi be started by the extension. Using the right IP/port should be fine.
It definitely will not work with Python 3. There is an issue with the bundled version of sqlmapapi and Python 3. I need to find some time to update the bundled version of sqlmap to the latest version in order to work with v3.
from sqlipy.
Actually, it does appear to work with newer versions. I had a VM that I didn't realize was using jdk-11.0.7 and it works on that version. I don't think that is the issue, as in the past it worked fine on 1.8, but I can't be sure.
In any case, I can't seem to replicate this issue on my host. Does anything get printed in the "Errors" tab (in Burp's Extender tab, click on the extension after trying to start the API and then click on the "Errors" tab below instead of "Output").
If you open the extension for editing and add "import traceback" at the top of the extension and then add: print(traceback.format_exc())
Above each line where it says: print 'Failed to start the SQLMap API\n'
That might help me resolve the issue. You would need to unload and then reload the extension, and then try to start the API again.
What should I edit? The .py file? or where can I open the extension to edit?
from sqlipy.
Yes, the .py file. Another thing to try, just for kicks, is setting the actual IP versus the loopback.
from sqlipy.
Ok, I just updated the version of sqlmap used by the extension. You can download this GitHub project and load in Burp and test to see if that resolves the issue. Please test with a newer version of Java, I am testing with JDK 11. If that doesn't resolve the issue, then it might be something to do with Windows 11.
from sqlipy.
thank you, ill do that and let you know.
from sqlipy.
The update now enables support for Python 3.x as well. I successfully used it with 3.10.1.
from sqlipy.
This appears to be a bug in Jython 2.7.3 - I have been using 2.7.2. When I used the latest Jython (2.7.3) I had the same issue but when I used 2.7.2 it worked.
from sqlipy.
Hi guys, i had the same problem in linux with this configuration:
- burp v. 2022.7.1 community edition
- java v. 11.0.16
- sqlmap v. 1.6.7
- jython v. 2.7.3
After debugging the code i found that the problem was in file "SQLiPy.py" and the way urllib handles request/response.
The issue lies in the request unicode object and response format "unicode" received from the api and this python lib doesn't like unicode values. For me, converting format to string solved the issue.
I tested this "SQLiPy.py" fix (you can find it in my fork) with both the previous plugin installed via BApp Store (with SQLiPy version 0.8.2) and using the latest files in the repo (with SQLiPy version 0.8.3).
Both work while maintaining the same environment (version of java, jython, burp above).
It also works with manual run sqlmapi on terminal or/and using python3.
If anyone has the same problem, i hope it can help.
PS.
I haven't tested it in windows OS yet.
from sqlipy.
Just added the above fixes from h3xstone, didn't appear to break anything (tested on Windows).
from sqlipy.
These updates have now been merged in the latest version within the BApp Store.
from sqlipy.
Related Issues (20)
- https://github.com/codewatchorg/sqlipy HOT 3
- No burp
- No "SQLiPy Scan" option in context menu HOT 1
- Scan starts but does not appear in the scan list HOT 6
- FR: Table View of Results
- FR: Auto Start Scan after Sending to SQLiPy
- FR: Ignore Cookies HOT 1
- FR: Flag False Positives as an FP or Info Issue HOT 1
- No right click console integration HOT 2
- Problem with running SQLiPy.py HOT 3
- Not getting same results in cli sqlmap HOT 3
- "Start Scan" button does nothing HOT 2
- Cannot See Scan Results HOT 3
- Sqlmaps do not keep path HOT 2
- SQLMap API is NOT running Error HOT 5
- Allow Specification of Technique in BurpSuite HOT 4
- Support for auto logs fetching
- FR: Auto save logs to disk / project
- Critical Error When Trying to Run HOT 8
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sqlipy.