Tool tips – SQLmap with POST requests

This particular tool tip came up while attempting to work on the vulnerable VM Skytower. Although it didn’t yield any results, I wanted to remember how to do this:

When dealing with POST requests, the best way to capture the request is with Burp Suite. I spidered the site, and when it asked me if I wanted to submit the form I said yes to capture the request. This gave me the POST request needed for SQLmap:

[Screenshot: Burp POST request]

I highlighted the POST request and chose "Copy to file":

[Screenshot: Burp POST request, copy to file]

After copying the file, start SQLmap with the following command:

sqlmap -r POST-request-login.txt -p password

-r Load HTTP request from a file
-p Testable parameter(s)

This will parse the request and start running sqlmap.

[Screenshot: SQLmap POST request]
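A quick check of the saved request file before handing it to `sqlmap -r`, added here as an example and not part of the original post: it confirms the file holds a POST with a form-encoded body and that the parameter named with `-p` is actually in it. The sample request (host, path and the `email` field) is constructed for illustration.

```python
from urllib.parse import parse_qsl

# Constructed sample of a request saved with Burp's "Copy to file";
# host, path and the "email" field are assumptions for illustration.
SAMPLE_REQUEST = (
    "POST /login HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 41\r\n"
    "\r\n"
    "email=user%40target.example&password=test"
)


def parse_request(raw):
    """Split a raw HTTP request into method, path, headers and form fields."""
    text = raw.replace("\r\n", "\n")           # Burp saves CRLF line endings
    head, _, body = text.partition("\n\n")     # blank line separates the body
    lines = head.split("\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    fields = []
    if "x-www-form-urlencoded" in headers.get("content-type", ""):
        fields = parse_qsl(body.strip(), keep_blank_values=True)
    return {"method": method, "path": path, "headers": headers, "fields": fields}


def check_parameter(raw, param):
    """Return a list of problems that would keep `-p param` from matching."""
    req = parse_request(raw)
    problems = []
    if req["method"] != "POST":
        problems.append("request method is %s, not POST" % req["method"])
    if not req["fields"]:
        problems.append("no form-encoded body found after the blank line")
    elif param not in [name for name, _ in req["fields"]]:
        names = ", ".join(name for name, _ in req["fields"])
        problems.append("'%s' not in body fields: %s" % (param, names))
    return problems


if __name__ == "__main__":
    print(check_parameter(SAMPLE_REQUEST, "password") or "ok")
```

To check a real capture, read the saved file (for example `POST-request-login.txt`) and pass its contents to `check_parameter` in place of the sample.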
