How sqlmap internally works?
I'm trying to capture sqlmap traffic but I only see a single HTTP GET in wireshark without sql injection (its just the url I provide).
I would expect 1 HTTP GET request per try (per sql injection then).
How is sqlmap working to make its attemps ? How to see these attempts ?
Increase verbosity hasn't help me.
Finally found the answer after hours !
Sqlmap is storing a cache I found in (windows)
After removing it, I was able to see the http queries. Ouf !
(--refresh-queries has no effect)