killchain-compendium/Exploits/Databases/Websocket SQLi.md

Websocket SQLi

• SQLmap is not able to send websocket requests directly because of the id added to the request. Therefore you need a local webserver as a middleware which translates requests to the target. Put in the webserver URL, and the correct data structure into the script and run it.o

sqlmap -u "http://127.0.0.1:8081/?id=62009" -p "id" --dbs

References

• rayhan0x01's git repo
• rayhan0x01's blog entry