Author Topic: [SOLVED] Anonymous mode and sqlmap  (Read 5540 times)

dark

  • Newbie
  • *
  • Posts: 4
    • View Profile
on: March 14, 2015, 12:37:06 PM
Hi,
usually when I use sqlmap I add the --tor flag but after the update to the new backbox It did not works anymore.
The --check-tor flag stop sqlmap because It did not find tor.

Maybe the anonymous mode uses another tor port?

P.S. If I start Vidalia the problem persists.

Regards
« Last Edit: January 18, 2016, 09:19:58 PM by ZEROF »



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #1 on: March 14, 2015, 03:46:00 PM
If you start anonymous, you don't need Tor flag.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


dark

  • Newbie
  • *
  • Posts: 4
    • View Profile
Reply #2 on: March 14, 2015, 04:05:58 PM
If you start anonymous, you don't need Tor flag.

Are you sure that also sqlmap traffic will use the Anonymous mode?

Because the --check-tor flag say me that tor is not started and exits



ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #3 on: March 14, 2015, 04:19:06 PM
Yes, all traffic is routed with iptables and goes over Tor.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


dark

  • Newbie
  • *
  • Posts: 4
    • View Profile
Reply #4 on: March 14, 2015, 04:36:14 PM
Yes, all traffic is routed with iptables and goes over Tor.

Perfect, thank you for your support.



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #5 on: March 14, 2015, 06:50:06 PM
Hi!
When I use sqlmap with anonmode I'm used to add --tor flag but not --check-tor , and all seems do be right. May be also with different options work fine too!!
Es:
Code: [Select]
sqlmap -u "address" --tor --threads 8 --risk 3 --level 5  ......

una voce libera è sempre liberatrice
under_r00t


dark

  • Newbie
  • *
  • Posts: 4
    • View Profile
Reply #6 on: March 15, 2015, 10:42:21 AM
Hi!
When I use sqlmap with anonmode I'm used to add --tor flag but not --check-tor , and all seems do be right. May be also with different options work fine too!!
Es:
Code: [Select]
sqlmap -u "address" --tor --threads 8 --risk 3 --level 5  ......


Now I use the same --tor flag w/o --check-tor. But I see that --check-tor make a request to the "Am I using TOR?" page to check and it returns that I'm not under TOR network.



weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #7 on: March 15, 2015, 03:32:36 PM
Check yourself on this page https://check.torproject.org/
That page show you if you are inside the tor's network!
ciao!

una voce libera è sempre liberatrice
under_r00t


ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #8 on: March 15, 2015, 03:56:07 PM
Hi weVeg, i go one more step in Tor connection audit. The true is that i can approve that 1st min connections is not that secure (not information/data that you will share, it's encrypted, but connection you will use is not that hidden). Because we can get first node and exit node IP's. If ISP can catch that connection and your end IP with some backdoor, your are just owned. But when your ip change next time (after few min of active connection) you can't trace it again localy and that is point where Tor is best solution.

Tor is not broken, it's just how it was made from day one.

If you have time i can show you.
« Last Edit: March 15, 2015, 04:51:30 PM by ZEROF »


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*


weVeg

  • Hero Member
  • *****
  • Posts: 737
    • View Profile
Reply #9 on: March 17, 2015, 02:20:58 PM
Hi ZEROF! Yep, you are right, for that reason you should connect by vpn first, and then to the tor's network!!

una voce libera è sempre liberatrice
under_r00t


Numskull

  • Newbie
  • *
  • Posts: 17
  • to know is to know that to know is not to know
    • View Profile
Reply #10 on: July 30, 2015, 06:28:54 PM
Hi ZEROF! Yep, you are right, for that reason you should connect by vpn first, and then to the tor's network!!

When I connect to VPN first and then the anonymous mode: Backbox restarts the network-manager and the vpn shuts down. So then, how?

(Sorry, I just want to learn how to master this anonymous mode function in Backbox, I want to understand it better)

Current sword: ~Backbox 4.3~


ZEROF

  • Hero Member
  • *****
  • Posts: 1247
    • View Profile
    • Pen Tester
Reply #11 on: August 02, 2015, 04:34:31 PM
HI,

You will need to write your own settings, and set manually Tor. In this real world scenario you need to deal on your own.


Don't ask, read : http://wiki.backbox.org
or just run sudo rm -rf /*