sqlmap: testing SQL injection defenses
Last updated: 2022-04-02 03:44:52
[TOC]
## Installation
`git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev`
## Usage
Help
`python sqlmap.py -h`
### -u: test a URL that requires login
GET request, with the session cookie passed via `--cookie`:
```
python2 sqlmap.py -u "http://foo.com/api..." --cookie "PHPSESSID=6q0j4ib4rqmd2me2uqcijm1uqg"
```
### -r: write the request to a file and send it from the file
Create `test.txt`:
```
GET /index.php?g=weixin&m=small&a=banner HTTP/1.1
Host: www.renbaotengxun.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: Z3tF0N_think_language=zh-CN; PHPSESSID=6q0j4ib4rqmd2me2uqcijm1uqg; thinkphp_show_page_trace=0|0
```
Test
`python2 sqlmap.py -r "test.txt"`
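
A pre-flight check for the `-r` request file, as an added example (not part of the original page or of the sqlmap project): it parses the raw request and reports problems that would make the run meaningless, such as a missing `Cookie` header on a login-protected URL. The function names, the `allowed_hosts` scope list and the sample host are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample request (hypothetical host and session id, not from the page).
SAMPLE_REQUEST = (
    "GET /index.php?g=weixin&m=small&a=banner HTTP/1.1\r\n"
    "Host: test.example.internal\r\n"
    "Cookie: PHPSESSID=constructed-session-id\r\n"
    "\r\n"
)
METHODS = {"GET", "POST", "PUT", "DELETE", "PATCH", "HEAD", "OPTIONS"}

def parse_request(raw):
    """Split a raw HTTP request into method, path, parameter names, headers, body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.strip("\n").split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")  # only the first colon separates
        if not sep or not name.strip():
            raise ValueError("bad header line: %r" % line)
        headers[name.strip().lower()] = value.strip()
    url = urlsplit(parts[1])
    return {"method": parts[0], "path": url.path,
            "params": [k for k, _ in parse_qsl(url.query, keep_blank_values=True)],
            "headers": headers, "body": body}

def check_request(raw, allowed_hosts):
    """Return a list of problems; an empty list means the file is ready for -r."""
    try:
        req = parse_request(raw)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    host = req["headers"].get("host", "")
    if not host:
        problems.append("missing Host header")
    elif host.split(":")[0].lower() not in allowed_hosts:
        problems.append("host %s is not in the authorized test scope" % host)
    if "cookie" not in req["headers"]:
        problems.append("no Cookie header: a login-protected URL will not be reached")
    if not req["params"] and not req["body"].strip():
        problems.append("no query or body parameters to test")
    return problems

if __name__ == "__main__":
    print(check_request(SAMPLE_REQUEST, {"test.example.internal"}) or "ready for -r")
```

To check a real file, pass `open("test.txt").read()` as `raw` together with the set of hosts you are authorized to test.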