[SOLVED] Anonymous mode and sqlmap

dark · March 14, 2015, 12:37:06 PM

Hi,
usually when I use sqlmap I add the --tor flag but after the update to the new backbox It did not works anymore.
The --check-tor flag stop sqlmap because It did not find tor.

Maybe the anonymous mode uses another tor port?

P.S. If I start Vidalia the problem persists.

Regards

ZEROF · March 14, 2015, 03:46:00 PM

If you start anonymous, you don't need Tor flag.

dark · March 14, 2015, 04:05:58 PM

Quote from: ZEROF on March 14, 2015, 03:46:00 PM
If you start anonymous, you don't need Tor flag.

Are you sure that also sqlmap traffic will use the Anonymous mode?

Because the --check-tor flag say me that tor is not started and exits

ZEROF · March 14, 2015, 04:19:06 PM

Yes, all traffic is routed with iptables and goes over Tor.

dark · March 14, 2015, 04:36:14 PM

Quote from: ZEROF on March 14, 2015, 04:19:06 PM
Yes, all traffic is routed with iptables and goes over Tor.

Perfect, thank you for your support.

weVeg · March 14, 2015, 06:50:06 PM

Hi!
When I use sqlmap with anonmode I'm used to add --tor flag but not --check-tor , and all seems do be right. May be also with different options work fine too!!
Es:

Code Select


sqlmap -u "address" --tor --threads 8 --risk 3 --level 5  ......

dark · March 15, 2015, 10:42:21 AM

Quote from: weVeg on March 14, 2015, 06:50:06 PM
Hi!
When I use sqlmap with anonmode I'm used to add --tor flag but not --check-tor , and all seems do be right. May be also with different options work fine too!!
Es:
Code Select Expand
sqlmap -u "address" --tor --threads 8 --risk 3 --level 5 ......

Now I use the same --tor flag w/o --check-tor. But I see that --check-tor make a request to the "Am I using TOR?" page to check and it returns that I'm not under TOR network.

weVeg · March 15, 2015, 03:32:36 PM

Check yourself on this page https://check.torproject.org/
That page show you if you are inside the tor's network!
ciao!

ZEROF · March 15, 2015, 03:56:07 PM

Hi weVeg, i go one more step in Tor connection audit. The true is that i can approve that 1st min connections is not that secure (not information/data that you will share, it's encrypted, but connection you will use is not that hidden). Because we can get first node and exit node IP's. If ISP can catch that connection and your end IP with some backdoor, your are just owned. But when your ip change next time (after few min of active connection) you can't trace it again localy and that is point where Tor is best solution.

Tor is not broken, it's just how it was made from day one.

If you have time i can show you.

weVeg · March 17, 2015, 02:20:58 PM

Hi ZEROF! Yep, you are right, for that reason you should connect by vpn first, and then to the tor's network!!

Numskull · July 30, 2015, 07:28:54 PM

Quote from: weVeg on March 17, 2015, 02:20:58 PM
Hi ZEROF! Yep, you are right, for that reason you should connect by vpn first, and then to the tor's network!!

When I connect to VPN first and then the anonymous mode: Backbox restarts the network-manager and the vpn shuts down. So then, how?

(Sorry, I just want to learn how to master this anonymous mode function in Backbox, I want to understand it better)

ZEROF · August 02, 2015, 05:34:31 PM

HI,

You will need to write your own settings, and set manually Tor. In this real world scenario you need to deal on your own.