I am all into sqlmap, however, there are situations where sqlmap just fails for one reason or another, and Havij gets the job done.
One major problem with Havij is that it doesn’t work with HTTPS sites “at least for me”, and I came across a particular site with a confirmed SQLi that when I pointed sqlmap at it didn’t work, so, I ran Havij:
Pressed the Analyze button, aaaaaand…. nothing, it’s IDLE
So, I thought maybe Havij doesn’t do HTTPS, my solution approach was using stunnel to listen on port:80 and configure it to connect to the https site, the point Havij to the stunnel server at port:80 and let stunnel to the SSL
Let’ see how the stunnel.conf will look like:
then run “stunnel stunnel.conf” …
Ok, looks good to me… Now I’ll point Havij to the stunnel machine with HTTP
And Havij just works fine after that 🙂