How to do it...

The following steps will guide you through using a request capture with the sqlmap command to test for SQL injection:

  1. To use a request capture with sqlmap, it must first be saved in text format. To do this, right-click on the request content in Burp Suite and then select Copy to file. Once it's saved, you can verify the contents of the file by browsing to the directory and using the cat command, as follows:
  2. To use the request capture, use sqlmap with the -r argument and the value of the absolute path of the file. Using this method often drastically reduces the amount of information that needs to be provided in the sqlmap command, as much of the information that would otherwise be provided is included in the request. Have a look at the following example:
  3. In the example provided, no cookie values need to be passed to sqlmap because the cookie values are already identified in the captured request. When sqlmap is launched, the cookie values in the capture will be automatically used in all requests, as follows:
  4. The sqlmap command is able to test all GET method parameters identified in the request capture. Here, we can see that the id parameter is vulnerable to several SQL injection techniques.
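The steps above depend on the saved request file already carrying the target, the GET parameters and the session cookies. As an added example (not from the book), the following Python code parses such a file and lists what a tool reading it with -r has available; the request text, host name, path and cookie values are constructed for illustration.

```python
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of a request saved from Burp Suite with "Copy to file".
# Host, path, parameter values and cookies are made up, not from the book.
SAMPLE_REQUEST = (
    "GET /app/item.php?id=1&Submit=Submit HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: PHPSESSID=abc123; theme=dark\r\n"
    "Connection: close\r\n"
    "\r\n"
)


def parse_saved_request(raw: str) -> dict:
    """Split a raw HTTP request into the parts a request-file reader relies on."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError("not a request line: %r" % lines[0])
    method, target, _version = parts

    # Header names are case-insensitive, so normalise them to lower case.
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    url = urlsplit(target)
    cookies = SimpleCookie()
    cookies.load(headers.get("cookie", ""))
    return {
        "method": method,
        "host": headers.get("host", ""),
        "path": url.path,
        "get_params": dict(parse_qsl(url.query, keep_blank_values=True)),
        "cookies": {name: morsel.value for name, morsel in cookies.items()},
        "body": body,
    }


if __name__ == "__main__":
    for key, value in parse_saved_request(SAMPLE_REQUEST).items():
        print("%-10s %r" % (key, value))
```

An empty cookies entry in the output means the capture was taken without a session, so requests replayed from that file would be unauthenticated.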