0

I use the -m switch in sqlmap to read targets from a file and test all of them for SQL injection.

sqlmap -m requests-file.txt --batch

There isn't a problem with 'GET' requests and query string parameters. But this way, I can't test requests with the 'POST' method that have parameters in the POST body for each request.

Is it possible to add the data of each request to the file for use with the -m switch?

Is there any solution for testing multiple 'POST' requests using sqlmap?

1 Answer

-1

The -m switch is specifically designed to read a file containing URLs or request data and test them for SQL injection vulnerabilities. However, it does not support embedding custom request data for each individual request within the file. But if you need to test multiple POST requests with different parameters in the POST body using sqlmap, you have a few potential options:

  1. Use Burp Suite: You can use a proxy tool like Burp Suite to capture the individual 'POST' requests with their specific parameters and save them to a file. Then, you can use the -r switch with SQLMap to read the file containing the captured requests. This way, SQLMap will process each request separately.
  2. Use a different tool: There are other web vulnerability scanners available that might have more flexible options for testing multiple POST requests with different parameters. OWASP ZAP and Wfuzz are two examples of web vulnerability scanners that may offer such capabilities.
  3. Create a custom script: You can write a script in a programming language like Python to automate the process of sending 'POST' requests with different parameters to SQLMap one by one.
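
The custom-script option above, as an added example (not code from the answer or from the sqlmap project): it builds one `sqlmap -u ... --data ...` invocation per target line and skips hosts outside the authorized scope. The tab-separated file format (`URL<TAB>POST body`), the sample targets and the function names are assumptions made for this example.

```python
import shlex
import subprocess
import sys
from urllib.parse import urlsplit

# Constructed sample input: one target per line, "URL<TAB>POST body".
# A line without a body is tested as a plain GET request.
SAMPLE_TARGETS = """\
# authorized test lab only
http://lab.example.test/login.php\tuser=a&pass=b
http://lab.example.test/search.php\tq=test&page=1
http://lab.example.test/item.php?id=1
http://other.example.org/form.php\tx=1
"""

def parse_targets(text):
    """Yield (url, body) pairs; body is None for lines without POST data."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        url, _, body = line.partition("\t")
        yield url.strip(), (body.strip() or None)

def build_commands(text, allowed_hosts, sqlmap="sqlmap"):
    """Return one sqlmap argv list per in-scope target."""
    commands = []
    for url, body in parse_targets(text):
        host = urlsplit(url).hostname
        if host not in allowed_hosts:
            # Scope guard: never hand sqlmap a host outside the engagement.
            print(f"skipping out-of-scope host: {host}", file=sys.stderr)
            continue
        argv = [sqlmap, "-u", url, "--batch"]
        if body is not None:
            argv += ["--data", body]  # --data makes sqlmap send the body via POST
        commands.append(argv)
    return commands

def run_all(commands, dry_run=True):
    """Print each command; execute it only when dry_run is False."""
    for argv in commands:
        print(shlex.join(argv))
        if not dry_run:
            subprocess.run(argv, check=False)

if __name__ == "__main__":
    run_all(build_commands(SAMPLE_TARGETS, {"lab.example.test"}))
```

Passing argv lists to `subprocess.run` keeps `&` and `=` in the POST body from being interpreted by a shell.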