Integrate Burp Request and SQLmap

We can use the Burp Suite request state for SQLmap by downloading item.

Download Request File in Burp Suite

  1. Right click on the request field in Burp Suite.
  2. Click "Save item" or "Copy to file" to download the request state.
  3. Save as "request.txt" (this is arbitrary name).


Using Request File in SQLmap

After downloading the request file in Burp Suite as the previous section, we can use when running SQLmap.

sqlmap -r request.txt

By the way, we can see what SQLmap send payloads to websites by adding the --proxy flag.

# 8080 is the default port of Burp Suite
sqlmap -r request.txt --proxy http://127.0.0.1:8080