Using Burp Session Handling With Sqlmap
Thursday 25th February, 2016 16:28
Earlier this month, I used Burp's Session Handling Rules to get around an anti-CSRF token in order to get sqlmap working. Sqlmap does have native support for anti-CSRF tokens, but when the parameter it needs to update is part of a multipart form, it appears that sqlmap fails to find the parameter that will be updated, and it just gives up with an error message.
By configuring sqlmap to use Burp's proxy, and configuring a session handling rule in Burp to acquire and update the token, sqlmap doesn't even need to know about the CSRF protection. I stumbled across the idea based on this article.
It turns out that none of the fields were vulnerable to SQL injection (which I sort of knew from manual testing), but it was an interesting challenge.
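What such a session handling rule does to each request passing through the proxy, sketched as an added example (not code from the original post, and not Burp's implementation): read the fresh token from the form page, then rewrite only that part of the multipart body. The field name `csrf_token`, the boundary and all sample data are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Constructed sample data: a form page carrying a fresh token, and a
# multipart request whose token part is stale.
SAMPLE_FORM_HTML = '<form><input type="hidden" name="csrf_token" value="fresh-4d2a"></form>'
SAMPLE_CONTENT_TYPE = "multipart/form-data; boundary=XBOUNDARY"
SAMPLE_BODY = (
    b'--XBOUNDARY\r\nContent-Disposition: form-data; name="csrf_token"\r\n\r\nstale-0000\r\n'
    b'--XBOUNDARY\r\nContent-Disposition: form-data; name="comment"\r\n\r\nhello\r\n'
    b'--XBOUNDARY--\r\n')

class _TokenFinder(HTMLParser):
    """Records the value of the first <input> whose name matches `field`."""
    def __init__(self, field):
        super().__init__()
        self.field, self.value = field, None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == self.field and self.value is None:
            self.value = a.get("value")

def acquire_token(html, field):
    """'Acquire' step: pull the current token out of the form page."""
    finder = _TokenFinder(field)
    finder.feed(html)
    if finder.value is None:
        raise ValueError(f"no <input name={field!r}> in response")
    return finder.value

def update_multipart_field(content_type, body, field, new_value):
    """'Update' step: replace one named part's value, leave other parts alone.
    The caller must recompute Content-Length afterwards (a proxy does this)."""
    m = re.search(r'boundary="?([^";]+)"?', content_type)
    if not m:
        raise ValueError("not a multipart request")
    delim = b"--" + m.group(1).encode()
    name_hdr = b'name="' + field.encode() + b'"'
    parts, replaced = body.split(delim), False
    for i, part in enumerate(parts):
        head, sep, _old = part.partition(b"\r\n\r\n")  # part headers / value
        if sep and name_hdr in head and b"filename=" not in head:
            parts[i] = head + sep + new_value.encode() + b"\r\n"
            replaced = True
    if not replaced:
        raise ValueError(f"field {field!r} not found in body")
    return delim.join(parts)
```

Because the rewrite happens in the proxy, the client tool sending the request never has to locate the token part itself, which is the step that failed for the multipart form described above.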