Comments (21)

codewatchorg commented on May 22, 2024

You are trying to run a proxy on the same port as you are running sqlmapapi. That won't work, you can't have Burp listen on the same ports as sqlmapapi - you don't need a proxy listening on port 9090 for the API to run.

from sqlipy.

Bruno-Macedo commented on May 22, 2024

Hello,

thank you for the fast reply. I made the following change:
image

And the log gives me this message:

Calling: C:\Python27\python.exe C:\Users\bruno\AppData\Roaming\BurpSuite\bapps\f154175126a04bfe8edc6056f340f52e\sqlmap\sqlmapapi.py -s -H 127.0.0.1 -p 9090

Failed to start the SQLMap API

[15:35:43] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
[15:35:43] [DEBUG] REST-JSON API server connected to IPC database
[15:35:43] [DEBUG] Using adapter 'wsgiref' to run bottle

The default configuration looks like that:
image

As you can see, I still haven't managed to start it.

Kind regards,
Bruno

codewatchorg commented on May 22, 2024

Interestingly, it actually looks like it really is running since the logs show it starting up. Have you run netstat to see if anything is listening on port 9090? The checks to validate whether it is running might be happening faster than it starts up, making the extension think it hasn't started.

I would also just try running the above from the command line to see what errors you get. If it isn't starting, that sounds like a sqlmapapi issue, which I don't develop.

from sqlipy.
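
The startup race suggested in the comment above, as an added example that is not part of the thread or of SQLiPy's code: a single connect attempt made right after launch reports failure, while polling against a deadline sees the listener once it is up. All function names are hypothetical, and the slow-starting server is a constructed stand-in on a loopback port, not sqlmapapi itself.

```python
import socket
import threading
import time


def port_open(host, port, connect_timeout=0.2):
    """Single TCP connect attempt; True if something accepted the connection."""
    try:
        with socket.create_connection((host, port), timeout=connect_timeout):
            return True
    except OSError:
        return False


def wait_for_listener(host, port, deadline_s=5.0, interval_s=0.1):
    """Poll until the port accepts connections or the deadline passes."""
    end = time.monotonic() + deadline_s
    while time.monotonic() < end:
        if port_open(host, port):
            return True
        time.sleep(interval_s)
    return False


def start_delayed_listener(delay_s):
    """Constructed stand-in for a slow-starting API server.

    Reserves a free loopback port, then only starts listening after delay_s.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))  # bound, but refuses connections until listen()
    port = sock.getsockname()[1]

    def _listen_later():
        time.sleep(delay_s)
        sock.listen(5)

    threading.Thread(target=_listen_later, daemon=True).start()
    return sock, port


def demo():
    """Return (result of one early check, result of polling with a deadline)."""
    sock, port = start_delayed_listener(delay_s=0.5)
    immediate = port_open("127.0.0.1", port)         # checked too early
    eventual = wait_for_listener("127.0.0.1", port)  # polled until ready
    sock.close()
    return immediate, eventual
```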

Bruno-Macedo commented on May 22, 2024

Port 9090 is available and there is nothing running on it. I tried to run the extension with another port also.

From the command line I get the following:

[17:20:21] [INFO] Running REST-JSON API server at '127.0.0.1:9090'..
[17:20:21] [INFO] Admin (secret) token: ************************************************************
[17:20:21] [DEBUG] IPC database: 'c:\users\bruno\appdata\local\temp\sqlmapipc-dj5kye'
[17:20:21] [DEBUG] REST-JSON API server connected to IPC database
[17:20:21] [DEBUG] Using adapter 'wsgiref' to run bottle

And on the browser:
image

codewatchorg commented on May 22, 2024

FYI, you can still use the extension without starting the API from within the extension. It looks like starting from the command line works, so you would just manually set the SQLMap API IP (in the "SQLMap Scanner" tab) to 127.0.0.1 and the port to the right port and you can send requests to the API, retrieve the logs, stop scans, and any successful results will show up in the issues tab.

Unfortunately, I don't have enough in the above to know what is going wrong. The logs indicate that it is starting the API but that the test to validate startup occurs too quickly. The API works from the command line. I cannot replicate this issue.

What version of Python 2.7 is installed? What OS are you running on? What version of Burp?

Bruno-Macedo commented on May 22, 2024

Hi, thanks for the reply.

Python: 2.7 and 3.8
Os: Windows 11 and WSL Ubuntu
Burp: Professional v2022.8.5

codewatchorg commented on May 22, 2024

I don't have Windows 11, but I am using Python 2.7.18, with Burp Pro v2022.8.5, and starting it from Windows 10 using those versions works fine. I can't reproduce this error (note that I have tested with 3.10.1 and at least that 3.x branch of Python does not work with the version of sqlmapapi bundled with the extension - I need to update the bundle).

codewatchorg commented on May 22, 2024

What version of Java are you using? Unfortunately, the extension was written in Python so it relies on Jython. Last I checked, Jython requires Java 1.7 or 1.8 (not the newer releases of Java).

Bruno-Macedo commented on May 22, 2024

Sorry for the late reply.

Java 1.8.

On burp it did not work, but I was able to use it with the terminal.

codewatchorg commented on May 22, 2024

Actually, it does appear to work with newer versions. I had a VM that I didn't realize was using jdk-11.0.7 and it works on that version. I don't think that is the issue, as in the past it worked fine on 1.8, but I can't be sure.

In any case, I can't seem to replicate this issue on my host. Does anything get printed in the "Errors" tab (in Burp's Extender tab, click on the extension after trying to start the API and then click on the "Errors" tab below instead of "Output").

If you open the extension for editing and add "import traceback" at the top of the extension and then add:
print(traceback.format_exc())

Above each line where it says: print 'Failed to start the SQLMap API\n'

That might help me resolve the issue. You would need to unload and then reload the extension, and then try to start the API again.

bountyflow commented on May 22, 2024

Using the latest Burp Suite Professional Stable version on Windows 11 with Python 3.10.7.
Clicking Start API button does not work and nothing is printed in logs.
It starts the sqlmapapi.py briefly and the REST-service is accessible with a web browser for 2 seconds but all fails after that.

Running the sqlmapapi.py manually in terminal works just fine. Connecting to it directly via SQLMap Scanner tab does nothing.

codewatchorg commented on May 22, 2024

The connecting directly is curious as the extension doesn't require that sqlmapapi be started by the extension. Using the right IP/port should be fine.

It definitely will not work with Python 3. There is an issue with the bundled version of sqlmapapi and Python 3. I need to find some time to update the bundled version of sqlmap to the latest version in order to work with v3.

Bruno-Macedo commented on May 22, 2024

> Actually, it does appear to work with newer versions. I had a VM that I didn't realize was using jdk-11.0.7 and it works on that version. I don't think that is the issue, as in the past it worked fine on 1.8, but I can't be sure.
>
> In any case, I can't seem to replicate this issue on my host. Does anything get printed in the "Errors" tab (in Burp's Extender tab, click on the extension after trying to start the API and then click on the "Errors" tab below instead of "Output").
>
> If you open the extension for editing and add "import traceback" at the top of the extension and then add: print(traceback.format_exc())
>
> Above each line where it says: print 'Failed to start the SQLMap API\n'
>
> That might help me resolve the issue. You would need to unload and then reload the extension, and then try to start the API again.

What should I edit? The .py file? or where can I open the extension to edit?

codewatchorg commented on May 22, 2024

Yes, the .py file. Another thing to try, just for kicks, is setting the actual IP versus the loopback.

codewatchorg commented on May 22, 2024

Ok, I just updated the version of sqlmap used by the extension. You can download this GitHub project and load in Burp and test to see if that resolves the issue. Please test with a newer version of Java, I am testing with JDK 11. If that doesn't resolve the issue, then it might be something to do with Windows 11.

Bruno-Macedo commented on May 22, 2024

Thank you, I'll do that and let you know.

codewatchorg commented on May 22, 2024

The update now enables support for Python 3.x as well. I successfully used it with 3.10.1.

codewatchorg commented on May 22, 2024

This appears to be a bug in Jython 2.7.3 - I have been using 2.7.2. When I used the latest Jython (2.7.3) I had the same issue but when I used 2.7.2 it worked.

h3xstone commented on May 22, 2024

Hi guys, I had the same problem on Linux with this configuration:

  • burp v. 2022.7.1 community edition
  • java v. 11.0.16
  • sqlmap v. 1.6.7
  • jython v. 2.7.3

After debugging the code I found that the problem was in the file "SQLiPy.py" and the way urllib handles request/response.
The issue lies in the request unicode object and the response format "unicode" received from the API, and this Python lib doesn't like unicode values. For me, converting the format to string solved the issue.

I tested this "SQLiPy.py" fix (you can find it in my fork) with both the previous plugin installed via BApp Store (with SQLiPy version 0.8.2) and using the latest files in the repo (with SQLiPy version 0.8.3).
Both work while maintaining the same environment (version of Java, Jython, Burp above).
It also works with a manual run of sqlmapapi in the terminal and/or using python3.
If anyone has the same problem, I hope it can help.

PS.
I haven't tested it on Windows yet.

codewatchorg commented on May 22, 2024

Just added the above fixes from h3xstone, didn't appear to break anything (tested on Windows).

codewatchorg commented on May 22, 2024

These updates have now been merged in the latest version within the BApp Store.
