Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ATLAS 2.0 #28

Closed
hastalamuerte opened this issue Aug 9, 2022 · 3 comments
Closed

ATLAS 2.0 #28

hastalamuerte opened this issue Aug 9, 2022 · 3 comments

Comments

@hastalamuerte
Copy link

hastalamuerte commented Aug 9, 2022
edited
Loading

@m4ll0k PLZ. Update Atlas

Sqlmap still not provide full tamper suggester function (but sometimes it show what perhaps filtered and named usefull tamper)
But there is a great need to perform a post requests right . now in atlas it seems work not so fine.
Also import txt file with request from other soft is musthave . example -r command in sqlmap .

PLZ COME BACK. Cause still there is no alternatives in automated soft for that purposes.

I see @muminkoykiran is one who still intrested and pull that git. Man, maybe you can made update in fork for that functions?
@muminkoykiran
Copy link

Hello @hastalamuerte,

The reason why I forked the project was actually because I had made the work in the link below, where I opened a pull request, in order to be more comfortable for myself during the installation steps. Would you please take a look? In terms of the features you mentioned, I include it in my plans for development.

#26

@hastalamuerte
Copy link
Author

hastalamuerte commented Aug 13, 2022
edited
Loading

Hello @hastalamuerte,

The reason why I forked the project was actually because I had made the work in the link below, where I opened a pull request, in order to be more comfortable for myself during the installation steps. Would you please take a look? In terms of the features you mentioned, I include it in my plans for development.

#26

Hello. thx for your support.
Great tool must live.

Here is examples of post , get , post multipart data request files -->
Getpayload.txt
getclear.txt
multipartclear.txt
multipartpayload.txt
postpayload.txt
postpayloadclear.txt
i made payload files with sqli and clear with mark* after value of injectable parameter. I dont know how exactly it work (symbol * in sqlmap) to confirm payload place. Will it inject after original value , or it will also change it in tests. In sqlmap you can provide -p parametr name and it will be found in request file (anywhere head body data cookies etc..)

Here is module in sqlmap wich was renew and fixed for some multipart data issues https://github.com/sqlmapproject/sqlmap/blob/7c2b3afafbfa00e7be8ae6ede7011fc37ef56145/lib/core/option.py line 146 (i think thats not all.. )

Aslo there is tool https://github.com/Ekultek/WhatWaf
It have same functional , and same was core updated 2 years ago, but maybe you can use -r file request module from it . He anyway use sqlmap with no contrib )))))

If it all will work i think new version of atlas can be (partly) implemented in sqlmap

@hastalamuerte
Copy link
Author

if it will work in atlas i got some other stuff like tampers and tamper api , custompayloads, etc and some waf evasion info , wich can be useful.
But the first thing that need Atlas is work correctly with request files

@hastalamuerte hastalamuerte closed this as not planned Won't fix, can't repro, duplicate, stale Apr 24, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@muminkoykiran @hastalamuerte