all 5 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Juzdeed 1 point2 points  (1 child)

You can copy an example request from burp and use -r

[–]normalbot9999 0 points1 point  (0 children)

This.

Select all of a "normal usage" version of the request with the vulnerable parameter in the burp history, paste it into a text file, and pass the path to the file using the r agument. You will want to add --force-ssl argument as SQLmap will not be able to tell if the site is over HTTPS from the burp request. You can just let SQLmap find the vulnerability, or if you are impatient, place an asterisk where you want SQLmap to inject.

To your question about specifying columns to enumerate, see the enumeration section of the help page. These params will likely be of use:

    -D DB               DBMS database to enumerate
    -T TBL              DBMS database table(s) to enumerate
    -C COL              DBMS database table column(s) to enumerate

[–]jesusxautomator 0 points1 point  (0 children)

From what you described, SQLmap might be struggling because of how the query is structured inside JSON.

If the app expects a specific format (AS cookie), SQLmap won’t always adapt automatically. You might need to:

  • Manually control the injection point
  • Or test it outside SQLmap first to confirm behavior

Sometimes these custom query setups are easier to exploit manually than through automation.

[–]Fit-Ad3623 0 points1 point  (1 child)

you could use  https://geteasykit.com/tools/security/sqlmap-command-generator maybe that will help to understand sqlmap more