From the course: Burp Suite Essential Training


Saving request messages for further exploitation

- [Instructor] We've looked at how we might obtain data that SQLmap can use, but another way of working with SQLmap is to feed it a complete message. Let's see how we do this using another of the main Hack The Box servers, Falafel.

Let's go to Falafel on 10.10.10.73. And we're presented with the FalafeLover's website, with the login page. Let's go and try and log in. Okay, let's try some basics, like admin admin. And we get a message, wrong identification admin. If we try that again with random random, we get a message, try again. The first message is given for a valid user ID but incorrect password. And the second, when the user ID is incorrect.

Okay, let's go to our target site map and look at the post message. And in the actions, select Copy to File. And we'll copy that to falafel.text. Now we can run our SQL command using the request packet and the value, wrong identification, which indicates a valid response on…
