sqlmap
Usage (batch style)
sqlmap -r <saved_get_request> --batch [--force-ssl] [--technique=U] [--dbms=mysql] [--passwords]
Custom injection point
- Insert `*` where Burp should inject the payload (if necessary) in the saved request.
Common Options
| Option | Description |
| --- | --- |
| `-r <request_file>` | Use a saved request file instead of specifying a URL. This request file can be created using Burp: intercept the request, right-click, “Copy to file…”. |
| `--batch` | Run in non-interactive mode; automatically answers all questions for you. |
| `--force-ssl` | Force usage of SSL/HTTPS when communicating with the target. |
| `--technique=U` | Restrict testing to UNION-based SQL injection and verify that UNION attacks work ahead of time. |
| `--dbms=mysql` | Explicitly specify the backend DBMS as MySQL (useful when auto-detection fails or to speed up detection). |
| `--passwords` | Enumerate and dump password hashes for DBMS users. |
| `--dbs` | Enumerate and list available databases. |
| `-D <db_name> --dump` | Dump data from a specific database. |
| `--dump` | Dump data from the current/selected database (or all available data, depending on context and other options). |