Thursday, October 11, 2012

How to Proxy SQLMap Through BURP For HTTPS URLs

After beating my head off the wall for an hour or so, I finally figured out an interesting way to do this. Extensive Googling didn't turn anything up, so I decided to post here for future reference and to save others the headache.

This is a pretty common and necessary task. Good examples of when you may need to do it are dealing with CSRF tokens that update on every request, or testing for SQL injection in a multistep process. BURP macros and Session Handling can deal with these scenarios, but for some reason sqlmap doesn't like to be proxied for HTTPS URLs; I think it's probably because of the certificate that BURP uses.

Anyway, doing it is quite easy once you figure it out. Just enable your proxy and, under Proxy -> Options -> Request Handling, select "Force Use of SSL". Then in sqlmap, feed it a plain HTTP URL rather than an HTTPS one. BURP will translate these requests to HTTPS when it receives them.

Now you can let BURP work its macro and session handling magic on the sqlmap requests!
