The Practical Guide to sqlmap for SQL Injections

The Practical Guide to sqlmap for SQL Injections | Udemy
English | Size: 3.52 GB
Genre: eLearning

What you’ll learn
What sqlmap is and how it’s used to test web applications for SQL injection vulnerabilities
How to create a home lab environment to safely and legally attack web applications with SQL injections
Find and exploit your first SQL injections with sqlmap
Learn, in-depth, all of the options that sqlmap offers
How to enumerate vulnerable database information (such as database names, schema, tables, and data within those tables)
How sqlmap code is structured and how to find what you’re looking for (ie: payloads and settings)
How to manipulate headers, parameters, methods, data, cookies, and more
How to configure targets via URLs, logfile, bulkfiles, and request files (from Burp/ZAP)
How to configure proxies and Tor to use sqlmap anonymously
How to modify requests on the fly with simple Python scripts
How to identify WAFs and manually as well as automatically bypass them (with tamper scripts)
How to troubleshoot common sqlmap errors and overcome issues
Understand how (and when) to use –level and –risk, and how it affects results (this is important!)
How to use regular and advanced takeover options and techniques to take control of back-end databases and servers
How to run sqlmap as an API server and client
How to fingerprint, enumerate, and takeover

Learn how to use sqlmap in-depth for professional engagements, and help support open-source in the process. 40% of every sale will be donated to the sqlmap project to help support its development.

sqlmap is the most powerful and widely used SQL injection tool, and for good reason. It packs an impressive array of features and options specifically crafted to fingerprint, enumerate, and takeover databases as well as underlying systems. In this course, we take a look at all of that. We start by looking at the sqlmap project, including how the source code repository is structured, where to find important files such as configuration and payload files, and how to set up a home lab environment to safely and legally practice what we’re learning. Then, we explore every single option that sqlmap offers with examples and explanations of how and when to use the option(s). We learn tips & tricks to see what sqlmap is doing under the hood and to troubleshoot when we come across issues. Once we’ve covered sqlmap’s options and features, we tie it all together by running through scenarios. This is when we get to see how those options can be used together or on their own to achieve our pentest or bug bounty objectives.

The course also includes sections dedicated to specific topics such as bypassing WAFs and evading security controls, and how to run sqlmap as an API.

Who this course is for:
Web pentesters
Application Security Engineers
Web Developers
Bug Bounty Hunters
DevSecOps Engineers
Security Researchers
Database administrators

If any links die or problem unrar, send request to
forms.gle/e557HbjJ5vatekDV9

Leave a Comment Cancel reply