0

I am trying to use sqlmap. However, every time I use it, I just get a response of:

```
[13:39:11] [CRITICAL] previous heuristics detected that the target is protected by some kind of WAF/IPS
[13:39:11] [INFO] testing if the target URL content is stable
[13:39:12] [INFO] target URL content is stable
[13:39:12] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'). You are advised to rerun with '--forms --crawl=2'

[*] ending @ 13:39:12 /2020-07-29/
```

I'm using the websites I find in the tutorials (like: https://www.binarytides.com/sqlmap-hacking-tutorial/). But I always get this message. If not, it keeps asking me for stuff and then doesn't work.

Here's the command I use: `python sqlmap.py -u "www.example.com"`

schroeder
Mr. Cow
  • 1
    Just to clarify - are you trying to run the example queries as they are provided exactly? As the example website given is `site.com` in that tutorial, and that would need to be replaced by an actual website for the tool to work. – Dave Jul 29 '20 at 22:22
  • I am using websites from other tutorials, but they don't work. Like: http://www.techpanda.org/ – Mr. Cow Jul 29 '20 at 22:29
  • These are not the droids you are looking for... – Conor Mancone Jul 29 '20 at 22:58
  • The "site" in the link you provided is not an actual site... You are supposed to replace `site.com` with an actual site... And you need to provide parameters, just like the error message says. If you are doing all these things, then you need to edit your question to include these details, including all the "other stuff" it is asking you for. – schroeder Jul 30 '20 at 09:02
  • 1
    Sorry, didn't know how much hate I would get. I wanted to get into Ethical Hacking, so I got sqlmap. I'll stay away from this now. I am so sorry. – Mr. Cow Aug 01 '20 at 15:54
  • Mr. Cow - there is no hate from anybody here. There is, however, an expectation that people will read all the documentation before using tools, especially ones that can be dangerous. – Rory Alsop Oct 24 '20 at 11:59

2 Answers

1

For legal reasons you should only attempt to hack websites you have explicit permission to test. Random websites on the internet don't meet that criterion unless you're doing a bug bounty (in which case sqlmap is probably the wrong approach). A better option would be to install a web application designed for learning security, such as the Damn Vulnerable Web Application, on your local machine or a VM and then run sqlmap against it.

wireghoul
1

You should be testing it on a vulnerable parameter.

```
[13:39:12] [CRITICAL] no parameter(s) found for testing in the provided data (e.g. GET parameter 'id' in 'www.site.com/index.php?id=1'). You are advised to rerun with '--forms --crawl=2'
```

You should also make sure that the website you are testing is running a SQL DB and accepts data.

schroeder
vulnerableuser
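
The two answers above combine into one pre-flight check to run on a URL before handing it to `sqlmap -u`. This is an added example, not code from the thread or from sqlmap; the function name `preflight`, the rule that lab targets must be `localhost` or a loopback/private IP address, and the sample URLs other than `www.example.com` are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit, parse_qsl


def preflight(target):
    """Return (ok, problems) for a URL about to be passed to `sqlmap -u`."""
    problems = []
    # A bare "www.example.com" has no scheme; add one so the host parses.
    parts = urlsplit(target if "://" in target else "http://" + target)
    host = parts.hostname or ""

    # Scope rule (assumption of this example): only a local lab is in scope,
    # i.e. localhost or a loopback/private IP such as a VM running DVWA.
    if host != "localhost":
        try:
            addr = ipaddress.ip_address(host)
            if not (addr.is_loopback or addr.is_private):
                problems.append(f"{host} is not a loopback/private lab address")
        except ValueError:
            problems.append(f"{host or '(none)'} is a hostname outside the local lab")

    # Parameter rule: with no query string and no other request data,
    # sqlmap stops with "no parameter(s) found for testing".
    params = [name for name, _ in parse_qsl(parts.query, keep_blank_values=True)]
    if not params:
        problems.append("no GET parameters in the URL (e.g. index.php?id=1)")

    return (not problems, problems)


if __name__ == "__main__":
    # Constructed sample targets; the first is the one from the question.
    for url in ("www.example.com",
                "http://localhost/lab/item.php",
                "http://127.0.0.1/lab/item.php?id=1"):
        ok, problems = preflight(url)
        print(url, "->", "ready" if ok else "; ".join(problems))
```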