How to inject a part of cookie using sqlmap

jerald · Jun 23, 2014 · Viewed 34.9k times

I need to do SQL injection on a part of cookie using sqlmap. The target URL is static.

A sample cookie:

Cookie1=blah_var1/blah_val1/blah_var2/blah_val2/searchtext/userinput/blah_var3/blah_val3/.../

In this cookie I need to inject the "userinput" part using sqlmap. I know the --cookie parameter, but it won't work in this case. Only this part of the cookie has to be injected using sqlmap.

I don't know how to do this. Please help.

Answer

MatandDie · Jun 23, 2014

Intercept the whole request, save it to a file, and then give that file to sqlmap with the -r parameter; by default sqlmap should check the cookie.

sqlmap.py -r request.txt

You can use Tamper Data (a Firefox extension) or the free version of Burp Proxy to intercept the request.
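
Seen from the application side, the cookie in the question is a slash-delimited list of name/value pairs, and the "userinput" segment only matters if it ends up inside the SQL text. The following is an added example, not part of the original post: it parses that layout and compares a concatenated query with a parameterized one. The table, function names and sample cookie values are constructed for illustration.

```python
import sqlite3


def parse_cookie_pairs(cookie_value):
    """Split 'name1/val1/name2/val2/.../' into a dict; a trailing '/' is tolerated."""
    parts = cookie_value.strip("/").split("/")
    if len(parts) % 2:
        raise ValueError("cookie does not hold complete name/value pairs")
    return dict(zip(parts[0::2], parts[1::2]))


def search_concatenated(db, cookie_value):
    # Weak form: the cookie segment becomes part of the SQL statement text.
    term = parse_cookie_pairs(cookie_value)["searchtext"]
    sql = "SELECT name FROM items WHERE name = '" + term + "'"
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, cookie_value):
    # Hardened form: the segment is bound as data and never parsed as SQL.
    term = parse_cookie_pairs(cookie_value).get("searchtext", "")
    rows = db.execute("SELECT name FROM items WHERE name = ?", (term,))
    return [row[0] for row in rows]


def make_db():
    # Constructed in-memory table standing in for the application's data.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (name TEXT)")
    db.executemany("INSERT INTO items VALUES (?)", [("apple",), ("pear",)])
    return db


# Constructed cookie values (already URL-decoded), following the question's layout.
BENIGN = "blah_var1/blah_val1/searchtext/apple/blah_var3/blah_val3/"
QUOTED = "blah_var1/blah_val1/searchtext/x' OR '1'='1/blah_var3/blah_val3/"

if __name__ == "__main__":
    db = make_db()
    for label, cookie in (("benign", BENIGN), ("quoted", QUOTED)):
        print(label, "concatenated: ", search_concatenated(db, cookie))
        print(label, "parameterized:", search_parameterized(db, cookie))
```

With the quoted value, the concatenated query returns every row while the parameterized query returns none, which is the difference a scan of this cookie segment would surface.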