[TOC]

## Installation

`git clone --depth 1 https://github.com/sqlmapproject/sqlmap.git sqlmap-dev`

## Usage

Help

`python sqlmap.py -h`

### -u

Test a GET URL that requires login by passing the session cookie with `--cookie`:

```
python2 sqlmap.py -u "http://foo.com/api..." --cookie "PHPSESSID=6q0j4ib4rqmd2me2uqcijm1uqg"
```

### -r

Write the request to a file and send it from that file.

Create `test.txt`:

```
GET /index.php?g=weixin&m=small&a=banner HTTP/1.1
Host: www.renbaotengxun.com
Connection: keep-alive
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: Z3tF0N_think_language=zh-CN; PHPSESSID=6q0j4ib4rqmd2me2uqcijm1uqg; thinkphp_show_page_trace=0|0
```

Test

`python2 sqlmap.py -r "test.txt"`
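
A request file like `test.txt` is a raw HTTP request: a request line, header lines, a blank line, then an optional body. The helper below is an added example, not part of sqlmap or of the original notes; it checks that such a file is well formed, lists the query parameters it carries, and replaces cookie values so the file can be kept in notes or a report without a live session ID. The function names, the `target.example` host and the sample cookie values are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample in the same shape as test.txt (placeholder host and cookie values).
SAMPLE_REQUEST = (
    "GET /index.php?g=weixin&m=small&a=banner HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "User-Agent: Mozilla/5.0\r\n"
    "Cookie: lang=zh-CN; PHPSESSID=CONSTRUCTEDSESSIONID; trace=0|0\r\n"
    "\r\n"
)

def parse_request(raw):
    """Split a raw HTTP request into method, path, query params, headers and body."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = [l for l in head.split("\n") if l.strip()]
    if not lines:
        raise ValueError("empty request file")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("bad request line: %r" % lines[0])
    method, target, _ = parts
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("bad header line: %r" % line)
        headers.append((name.strip(), value.strip()))
    if not any(n.lower() == "host" for n, _ in headers):
        raise ValueError("missing Host header")
    url = urlsplit(target)
    return {"method": method, "path": url.path,
            "params": parse_qsl(url.query, keep_blank_values=True),
            "headers": headers, "body": body}

def redact_cookies(raw, placeholder="REDACTED"):
    """Return the request text with every cookie value replaced, names kept."""
    out = []
    for line in raw.replace("\r\n", "\n").split("\n"):
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "cookie":
            pairs = [p.strip().split("=", 1)[0] for p in value.split(";") if p.strip()]
            line = "Cookie: " + "; ".join("%s=%s" % (n, placeholder) for n in pairs)
        out.append(line)
    return "\n".join(out)
```

Run `parse_request` on the file before testing to catch a missing blank line or `Host` header, and store only the output of `redact_cookies` alongside your notes.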