freebuf
本文来源:
使用burpsuite的日志记录功能,开启这个功能
你不可能使用开启proxy日志,因为你只能有意识去筛选注入的数据包,所以你在proxy那里拦截到数据包之后,发送到repeater,然后run,才可以记录日志。
我们拿这个做测试站,http://testphp.vulnweb.com/
====================================================== 17:40:30 http://testphp.vulnweb.com:80 [176.28.50.165] ====================================================== POST /guestbook.php HTTP/1.1 Host: testphp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Referer: http://testphp.vulnweb.com/guestbook.php Content-Type: application/x-www-form-urlencoded Content-Length: 45 Connection: close Upgrade-Insecure-Requests: 1 name=anonymous+user Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Referer: http://testphp.vulnweb.com/artists.php Connection: close Upgrade-Insecure-Requests: 1 ====================================================== ====================================================== 17:41:19 http://testphp.vulnweb.com:80 [176.28.50.165] ====================================================== POST /comment.php HTTP/1.1 Host: testphp.vulnweb.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2 Referer: http://testphp.vulnweb.com/comment.php?aid=1 Content-Type: application/x-www-form-urlencoded Content-Length: 90 Connection: close Upgrade-Insecure-Requests: 1 name=%3Cyour+name+here%3E1 3 : send_email() break else: time.sleep(10)
转载请注明来自网盾网络安全培训,本文标题:《sqlmap批量跑的思路》
标签:SqlMap
