Requesting a capture SQL injection with sqlmap
To simplify the process of using sqlmap, it is possible to use a captured request from Burp Suite and execute sqlmap with all the parameters and configurations defined within. In this recipe, we will discuss how to use sqlmap to test the parameters associated with a provided request capture.
Getting ready
To use sqlmap to perform SQL injection against a target, you will need to have a remote system that is running one or more web applications that are vulnerable to SQL injection. In the examples provided, an instance of Metasploitable2 is used to perform this task. Metasploitable2 has several preinstalled vulnerable web applications running on TCP port 80. For more information on setting up Metasploitable2, refer to the Installing Metasploitable2 recipe in Chapter 1, Getting Started, of this book.
How to do it…
To use a request capture with sqlmap, it must first be saved in a text format. To do this, right-click on the request content in Burp Suite...
