cannot parse multiple requests from BURP-like log file with -l option #5740

Closed
isakau1 opened this issue Jun 28, 2024 · 5 comments

isakau1 commented Jun 28, 2024

Hi guys, can't make it read multiple requests from a BURP-like log file with the -l option. Does it support this? I tried variants of request separators (double empty lines, dashes, asterisks, equal signs) without luck - it always says "not a valid WebScarab log data... sqlmap parsed 1 (parameter unique) requests from the targets list ready to be tested", and takes only the first request.

Maybe I'm using the wrong separators? Please could you explain and maybe update the documentation on this?

My command: sqlmap -l burp.txt

My txt file example:

======================================================
12:05:23 AM  https://domain.com:443  [domain.com]
======================================================
GET /url1/?id=1 HTTP/1.1
Host: https://domain.com

======================================================
12:05:22 AM  https://domain.com:443  [domain.com]
======================================================
POST /url2/ HTTP/1.1
Host: https://domain.com

id=1&param=a

...

isakau1 commented Jun 28, 2024

Or maybe there is a way for the -m option to work with POST requests? - in the documentation there is only a format for GET requests...

@stamparm
Member

that doesn't look like either a webscarab or a burp log file.

example webscarab file:

image

example burp log file:

image

stamparm added a commit that referenced this issue Jun 28, 2024
@stamparm
Member

after a second look, i've realized that you've used an old version of Burp log file. it should be parseable by sqlmap out of the box.

i believe that you haven't put the ====================================================== at the end of the provided file. anyhow, with the latest revision, that can be skipped.

with the latest revision:

$ cat list.req 
======================================================
12:05:23 AM  https://domain.com:443  [domain.com]
======================================================
GET /url1/?id=1 HTTP/1.1
Host: https://domain.com

======================================================
12:05:22 AM  https://domain.com:443  [domain.com]
======================================================
POST /url2/ HTTP/1.1
Host: https://domain.com

id=1&param=a

$ python3.11 sqlmap.py -l list.req -v 3
        ___
       __H__
 ___ ___[(]_____ ___ ___  {1.8.6.15#dev}
|_ -| . [.]     | .'| . |
|___|_  [)]_|_|_|__,|  _|
      |_|V...       |_|   https://sqlmap.org

[!] legal disclaimer: Usage of sqlmap for attacking targets without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program

[*] starting @ 23:12:31 /2024-06-28/

[23:12:31] [DEBUG] cleaning up configuration parameters
[23:12:31] [DEBUG] parsing targets list from 'list.req'
[23:12:31] [INFO] sqlmap parsed 2 (parameter unique) requests from the targets list ready to be tested
[23:12:31] [DEBUG] setting the HTTP timeout
[23:12:31] [DEBUG] setting the HTTP User-Agent header
[23:12:31] [DEBUG] creating HTTP requests opener object
[23:12:32] [INFO] found a total of 2 targets
[23:12:32] [DEBUG] initializing the knowledge base
[1/2] URL:
GET https://domain.com:443/url1/?id=1
do you want to test this URL? [Y/n/q]
> n

[23:12:33] [DEBUG] initializing the knowledge base
[2/2] URL:
GET https://domain.com:443/url2/
POST data: id=1&param=a
do you want to test this URL? [Y/n/q]
> n


[*] ending @ 23:12:33 /2024-06-28/
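
The old Burp log layout discussed above, as an added example that is not part of the thread and is not sqlmap's own parser: a small Python splitter for the separator/header/request blocks. The names `parse_burp_log` and `require_closing_separator` are hypothetical; the strict mode only illustrates how a parser that insists on a closing separator would keep just the first request from this file.

```python
import re

# Constructed sample: the file from the thread, with no closing separator line.
SAMPLE = """\
======================================================
12:05:23 AM  https://domain.com:443  [domain.com]
======================================================
GET /url1/?id=1 HTTP/1.1
Host: https://domain.com

======================================================
12:05:22 AM  https://domain.com:443  [domain.com]
======================================================
POST /url2/ HTTP/1.1
Host: https://domain.com

id=1&param=a
"""

# Assumed layout: a line of '=' characters, "time  origin  [host]", another '=' line.
SEP = r"={10,}[ \t]*(?:\r?\n|\Z)"
HEADER = (r"(?P<time>\d{1,2}:\d{2}:\d{2}(?: [AP]M)?)\s+(?P<origin>\S+)"
          r"(?:\s+\[(?P<host>[^\]]*)\])?[ \t]*\r?\n")

def _block_re(require_closing_separator):
    # A request ends at the next separator line; the tolerant form also accepts EOF.
    end = r"(?=^%s)" % SEP if require_closing_separator else r"(?=^%s|\Z)" % SEP
    return re.compile("^" + SEP + HEADER + SEP + r"(?P<raw>.*?)" + end, re.S | re.M)

def parse_burp_log(text, require_closing_separator=False):
    """Return one dict per request block found in an old-style Burp log."""
    requests = []
    for m in _block_re(require_closing_separator).finditer(text):
        raw = m.group("raw").replace("\r\n", "\n")
        head, _, body = raw.partition("\n\n")      # blank line splits headers from body
        lines = head.strip("\n").split("\n")
        parts = lines[0].split()
        if len(parts) < 2:
            continue                               # no HTTP request line in this block
        headers = dict(l.split(": ", 1) for l in lines[1:] if ": " in l)
        requests.append({"method": parts[0],
                         "url": m.group("origin") + parts[1],
                         "headers": headers,
                         "data": body.strip() or None})
    return requests

if __name__ == "__main__":
    for req in parse_burp_log(SAMPLE):
        print(req["method"], req["url"], req["data"])
```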

@stamparm stamparm self-assigned this Jun 28, 2024
@stamparm stamparm added this to the 1.9 milestone Jun 28, 2024
@stamparm
Member

p.s. that not a valid WebScarab log data was a dummy DEBUG message. cleared it too with the latest revision

pull bot pushed a commit to googlesky/sqlmap that referenced this issue Jun 30, 2024

isakau1 commented Jul 1, 2024

works like a charm now, many thanks!
