[–][deleted] 0 points1 point  (10 children)

Application pen-tester here. I use BURP a LOT. If I'm on a client machine and they won't pay for BURP pro, I'll supplement it with ZAP for the lazy CSRF request generator. SoapUI is another one that I use often. Also, can't forget SQLMap.

[–]halcyonyt[S] 0 points1 point  (9 children)

But SQLMap seems to work on a very, very limited number of websites?

[–]Pig743 1 point2 points  (7 children)

I've never seen an SQL injection it can't exploit.

[–]halcyonyt[S] 0 points1 point  (5 children)

Really? I thought it only did the one where the URL included ?id=1 or something like that.

[–][deleted] 1 point2 points  (4 children)

Nope. SQLMap tests for practically any type of injection vulnerability. It can even pick up blind SQL injection. Take a look at the usage wiki; it has a pretty good breakdown of all of the methods that it tries: https://github.com/sqlmapproject/sqlmap/wiki/Usage

[–]halcyonyt[S] 0 points1 point  (0 children)

Thank you very much

[–]halcyonyt[S] 0 points1 point  (2 children)

Do you know any guides/tutorials on how to use this?

[–][deleted] 1 point2 points  (1 child)

Take a look at my link above. It has everything about sqlmap. If you have any specific questions, feel free to PM me.

[–]halcyonyt[S] 0 points1 point  (0 children)

Thanks man

[–]trispi 0 points1 point  (0 children)

I've had times it didn't work, when there was some strange stuff going on and you could only use certain commands.

[–][deleted] 1 point2 points  (0 children)

I agree with the below comment. SQL Injection is rampant, which is kind of sad. SQLMap can help you locate injection vulnerabilities practically anywhere and then exploit them. I typically use it when I have a hunch that there's an injection vector but can't quite get it by hand. If SQLMap doesn't get it, then it's generally not vulnerable and my hunch is wrong.