sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2026-02-09 00:49:37 +03:00
Code Issues Packages Projects Releases Wiki Activity
0f4272fabe
sqlmap/lib
History
Dirk 0f4272fabe Add --ignore-400 
I encountered a situation where the console - I am running usally at debug level 2 or 3
is flooded with HTTP 400 (which are kind of annoying):

```
[15:02:41] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:41] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:42] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:42] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:42] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:43] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:43] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:44] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:44] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:44] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:45] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:45] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:46] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:46] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:46] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:47] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:47] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:48] [DEBUG] got HTTP error code: 400 (Bad Request)
[15:02:52] [DEBUG] got HTTP error code: 400 (Bad Request)
```

as this is triggered by almost every request.

This is a workaround for the above scenario so that on the console I see only what I wanted
to, like:

```
[18:51:18] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Generic comment)'
[18:51:41] [INFO] testing 'OR boolean-based blind - WHERE or HAVING clause (Generic comment) (NOT)'
[18:52:06] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL)'
[18:52:06] [INFO] testing 'Boolean-based blind - Parameter replace (DUAL) (original value)'
[18:52:07] [INFO] testing 'Boolean-based blind - Parameter replace (CASE)'
[18:52:08] [INFO] testing 'Boolean-based blind - Parameter replace (CASE) (original value)'
[18:52:08] [INFO] testing 'Oracle AND boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[18:52:34] [INFO] testing 'Oracle OR boolean-based blind - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[18:52:57] [INFO] testing 'Oracle boolean-based blind - Parameter replace'
[18:52:57] [INFO] testing 'Oracle boolean-based blind - Parameter replace (original value)'
[18:52:58] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause'
[18:52:59] [INFO] testing 'Oracle boolean-based blind - ORDER BY, GROUP BY clause (original value)'
[18:53:00] [INFO] testing 'Oracle boolean-based blind - Stacked queries'
[18:53:23] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (XMLType)'
[18:53:41] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (XMLType)'
[18:53:57] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[18:54:13] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (UTL_INADDR.GET_HOST_ADDRESS)'
[18:54:26] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[18:54:43] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (CTXSYS.DRITHSX.SN)'
[18:54:57] [INFO] testing 'Oracle AND error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)'
[18:55:13] [INFO] testing 'Oracle OR error-based - WHERE or HAVING clause (DBMS_UTILITY.SQLID_TO_SQLHASH)'
[18:55:27] [INFO] testing 'Oracle error-based - Parameter replace'
[18:55:27] [INFO] testing 'Oracle error-based - ORDER BY, GROUP BY clause'
```

Admittedly this is may seem a bit hackish as it only addresses HTTP 400 and doesn't cover other
app specific errors which can happen in other scenarios. It could also be that ``--suppress-400``
would sound better as it would describe better what it does but as there's
``--ignore-401`` so I settled for ``--ignore-400``.
2017-07-17 18:54:03 +02:00
..
controller Update for #2597 2017-07-03 16:55:24 +02:00
core Update for #2597 2017-07-03 16:55:24 +02:00
parse Add --ignore-400 2017-07-17 18:54:03 +02:00
request Add --ignore-400 2017-07-17 18:54:03 +02:00
takeover Minor patch 2017-06-05 16:28:19 +02:00
techniques Fixes #2577 2017-06-18 14:07:48 +02:00
utils Update for #2597 2017-07-03 16:55:24 +02:00
__init__.py New version preparation 2017-01-02 14:19:18 +01:00