I need to do SQL
injection on a part of cookie using sqlmap. The target URL
is static.
A sample cookie:
Cookie1=blah_var1/blah_val1/blah_var2/blah_val2/searchtext/userinput/blah_var3/blah_val3/.../
In this cookie i need to inject the "userinput" using sqlmap. I know --cookie parameter but it wont work in this case. This is like part of cookie alone have to be injected using sqlmap.
I don't know how to do this. Please help.
Intercept all request, save it to a file and then give that file to sqlmap with -r parameter, by default sqlmap should check cookie.
sqlmap.py -r request.txt
You can use tamper data (firefox extension), or free version of burp proxy to intercept request.