Tuesday, August 19, 2014

HOWTO : SQLMap for Cloudflare protected sites

When you suspect your target site is vulnerable to SQLi and you find out that it is protected by Cloudflare, you can still to launch SQLMap against the target.

First of all, you need to make sure the target site is protected by Cloudflare, you can add "--identify-waf" or "--check-waf" to confirm. However, do not set "--thread=" larger than 1 as the target will give you "403 Forbidden" error. Once you get the "403 error", your IP address is banned. Therefore, you are required to consider to use proxy servers or TOR to access the target.

Secondary, you need to add "--tamper='between,randomcase,space2comment'" and "-v 3", if the target is confirmed being protected by Cloudflare. You may also consider to add "--random-agent" and "--tor" when necessary.

Finally, do not use Kali Linux provided SQLMap scripts as it has no "WAF" scripts pre-installed. You are better to download the latest version of SQLMap from the official site.

git clone https://github.com/sqlmapproject/sqlmap.git

This hint can be applied to other WAFs, IDSs and IPSs, such as mod_security or other Cloudflare like service providers.

For example :

python sqlmap.py -u "https://www.cloudflare.com/" --check-waf --tamper="between,randomcase,space2comment" -v 3 --random-agent --tor

That's all! See you.