Using “stunnel” to run “Havij” against “HTTPS” sites.

I am all into sqlmap, however, there are situations where sqlmap just fails for one reason or another, and Havij gets the job done.

One major problem with Havij is that it doesn’t work with HTTPS sites (at least for me). I came across a particular site with a confirmed SQLi where sqlmap didn’t work when I pointed it at the site, so I ran Havij:

Pressed the Analyze button, aaaaaand…. nothing, it’s IDLE

So, I thought maybe Havij doesn’t do HTTPS. My approach was to have stunnel listen on port 80 and configure it to connect to the HTTPS site, then point Havij at the stunnel server on port 80 and let stunnel do the SSL.

Let’s see what the stunnel.conf will look like:

then run “stunnel stunnel.conf” …

Ok, looks good to me… Now I’ll point Havij to the stunnel machine with HTTP

And Havij just works fine after that 🙂
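A stunnel client-mode configuration of the kind this setup calls for, written as an added example (it is not the author's original stunnel.conf, which is not reproduced on this page). The host name `target.example`, the listener address `192.0.2.10` and all file paths are placeholders and assumptions. It also shows two settings worth checking on any plaintext-to-TLS relay: which interface it listens on, and whether it verifies the server certificate.

```ini
; stunnel.conf (constructed example; placeholders throughout)

; --- global options: these go above the first [service] section ---
; Assumed paths; pick a location the stunnel user can write to.
pid = /var/run/stunnel-wrap.pid
output = /var/log/stunnel-wrap.log

; --- one service section per wrapped connection ---
[https-wrap]
; Client mode: accept plaintext locally, speak TLS to the remote side.
client = yes

; Listener. "0.0.0.0:80" accepts plaintext from every host that can reach
; this machine, which turns it into an open relay to the remote site.
; Binding to the one interface the test workstation uses keeps it scoped.
; Ports below 1024 need root (or CAP_NET_BIND_SERVICE) on Linux.
; accept = 0.0.0.0:80
accept = 192.0.2.10:80

; Remote HTTPS endpoint (placeholder host name).
connect = target.example:443

; stunnel does not validate the peer certificate unless told to, so
; without these lines the TLS leg can be intercepted silently.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = target.example
```

The tool on the plaintext side sends its own `Host:` header, so a site that routes on virtual host names may need the relay's address mapped to the real host name in the workstation's hosts file.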

 

8 Comments

    • sherif

      I’m afraid I do not have that planned … nor do I think it will be.
      If you’re familiar with Linux “backtrack?” it’s a very easy thing to do, google your way, if you couldn’t do it, you’ve not tried hard enough 🙂

  1. I tried, but I think I didn’t configure stunnel properly, so I still need sqlmap (Mr slow fff)… I don’t understand why you put ‘0.0.0.0:80’ and where to write ‘pid=’ and ‘output=’ in the conf file.
