Sqlmap is a great opensource SQL injection tool that I use to aide my learning using it’s -v switch that sets the output verbosity so you can see and learn the SQL payload sqlmap is sending. I usually set it to -v3
By default sqlmap tests for blind SQL injection first which is more often successful but is very slow at extracting data and is hard to follow.
The full default order is blind, error, union, stacked, time. “BEUST”
I prefer to use union,error,stacked,blind,time. “UESBT”
To change the default in sqlmap open up sqlmap.conf
On line 236 tech = BEUST to tech = UESBT
Sqlmap by default does not try all the different types of SQL injections as some are too noisy/risky.
This can mean that exploitable injections are missed. To avoid this sqlmap can be configured to test for all types of injection by changing level and risk settings.
On line 195 you can change the level = 1 to level = 5
On line 202 you can change the risk = 1 to risk = 3
By default sqlmap will only test for 10 columns when using UNION SQL injection, this is to low in most cases. I change the default to 50.
You can change this on line 246 uCols = 50
There are loads of other options you can change in sqlmap these are just a few 🙂