How sqlmap internally works?

I'm trying to capture sqlmap traffic but I only see a single HTTP GET in wireshark without sql injection (its just the url I provide).

I would expect 1 HTTP GET request per try (per sql injection then).

How is sqlmap working to make its attemps ? How to see these attempts ?

Increase verbosity hasn't help me.

1 answer

  • answered 2020-09-27 11:36 Lou

    Finally found the answer after hours !

    Sqlmap is storing a cache I found in (windows)


    After removing it, I was able to see the http queries. Ouf !

    (--refresh-queries has no effect)