Hello,
I request help from someone with experience using sqlmap. I've spent two weeks on learning how to use this tool, but it has been slow and frustrating. I've decided to go back to the basics to install WebGoat V5.4 and Tomcat on so that I can pen test on a confirmed web app that had known sql injection holes, yet sqlmap just refused to at least get off the ground. I've posted here on github to the project:
https://github.com/sqlmapproject/sqlmap/issues/640
If you can, please install tomcat and WebGoat V5.4 and use the lastest version of sqlmap (sqlmap/1.0-dev) and test for sql injection and report back your findings. I googled, read tutorials, emailed sqlmap, but I'm just stuck. My thinking is, if I can't get sqlmap to penetrate webgoat, then I certainly don't want to waste my time to test my site with this tool due to the false sense of security.
Thanks in advance,
G.
Linux kalihost 3.12-kali1-amd64