Sqlmap can batch scan the log file containing request, and the request log file can be obtained by burpsuite.
As a result, the Sqlmap combined with the Burpsuite tool allows for a more efficient, carpet-based scan of the application for SQL injection vulnerabilities.
1. The first is the Burp set record log, the file name is a random fill.
2. Put the recorded log file in the Sqlmap directory
3.SQLMAP Read log automatic test:
Python sqlmap.py-l file name--batch-smart
Batch: Automatically select Yes.
Smart: Heuristic quick judgment, save time.
4. The last URL that can be injected is saved to the Out folder
Note: If there are characters in the log file that Sqlmap cannot read (characters outside the ASCII code), the read fails.
1. Configure Burpsuite to record all request records and save them in the specified folder.
Because the Windows Sqlmap tool needs to use Python, my sqlmap path is placed under D:\mysoft\Python\sqlmap,
The record file that collects the request is named the D:\mysoft\Python\sqlmap\burp.log file.
2. Execute command: sqlmap.py-l burp.log--batch-smart to inject scan of all request saved in Burp.log.
Batch: will automatically select Yes
Smart: Heuristic quick judgment, save time.
The last URL that the window version of Sqlmap can inject will be saved to the C:\Users\Administrator\.sqlmap folder.
Burpsuite Export log Mate Sqlmap Batch Scan injection point