SQLmap and useful switches
SQLmap is known for its extensive range of basic features, but its true power lies in smaller add-ons that can make testing faster, more versatile, and more realistic. In this module, we will dive into six frequently used switches: --proxy, --batch, --threads, --random-agent, --os-shell, and --flush-session.
--proxy – see what you're doing
With the --proxy switch, you can direct all of SQLmap's HTTP(S) traffic through a proxy server. This is useful for several reasons:
- You can monitor requests through Burp Suite, OWASP ZAP, or mitmproxy
- You can hide your own IP address (e.g., TOR proxy)
- You can bypass restrictions within the network
It is particularly useful to route SQLmap traffic through Burp Suite, so you can see whether the requests are correct. This also makes troubleshooting easier.
sqlmap -u "http://sivu.fi/hae.php?id=1" --proxy="http://127.0.0.1:8080"
If you want to analyze exactly how SQLmap's requests appear from the browser's perspective, run SQLmap through Burp:
- Start Burp listening on port 8080
- Add --proxy="http://127.0.0.1:8080" to SQLmap
- Now you can monitor and even modify the requests sent by SQLmap in real-time
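Since the proxy makes troubleshooting easier only when it is actually up, here is an added example (not part of the original page or of SQLmap itself) that validates a --proxy value and confirms the listener accepts connections before a run. The function names and the accepted scheme list are assumptions of this example; the default value is the Burp address used above.

```python
import ipaddress
import socket
import sys
from urllib.parse import urlsplit

# Assumption for this example: the proxy schemes we are willing to accept.
ALLOWED_SCHEMES = {"http", "https", "socks4", "socks5"}

def parse_proxy(value):
    """Split a --proxy value into (scheme, host, port); ValueError if malformed."""
    parts = urlsplit(value)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"missing or unsupported scheme in {value!r}")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    if not parts.hostname or port is None:
        raise ValueError(f"host and explicit port required in {value!r}")
    return parts.scheme, parts.hostname, port

def is_loopback(host):
    """True when the proxy runs on this machine, so traffic is not relayed elsewhere."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:  # not an IP literal
        return host.lower() == "localhost"

def proxy_listening(host, port, timeout=2.0):
    """True if something accepts TCP connections on host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def preflight(value):
    """Return a list of problems with a --proxy value; an empty list means ready."""
    try:
        _, host, port = parse_proxy(value)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not is_loopback(host):
        problems.append(f"{host} is not loopback: requests leave this machine")
    if not proxy_listening(host, port):
        problems.append(f"nothing is listening on {host}:{port}")
    return problems

if __name__ == "__main__":
    issues = preflight(sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080")
    print("\n".join(issues) or "proxy ready")
```

An empty result means the value is well-formed, local, and reachable; a message such as "nothing is listening" usually means the Burp proxy listener has not been started.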