--DSR--

F: sqlmap extra

May 14th, 2017
Advanced SQLi section
Now we're going to talk about firewalk with SQLi.
What I mean by that is, sometimes when you ping a website you will receive a false echo reply.
The actual website is behind a firewall or IPS, so you will never talk directly to the webserver.

This is very bad: we want to inject the webserver, not their IPS or firewall.

This is very easy to spot though. Pinging your website and copying the IP into your browser is one technique.
If you get redirected to the correct website then you're fine.
But if it refuses the connection you can start by following my steps:

1. Go to http://toolbar.netcraft.com/site_report and enter your URL
2. Scroll down to 'Hosting History' and copy one of the IP addresses (latest seen is recommended)
3. For Debian users, go to /etc/hosts and paste
<your ip> <your URL>


When done correctly this will now talk directly to the webserver, with no IPS/firewall in between to destroy your SQL injections.
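
Seen from the webserver's side, traffic sent this way arrives from an address that is not the firewall/IPS. The following is an added example, not part of the original paste, that flags such requests in an origin access log; the proxy ranges, log format and log lines are constructed assumptions, and the log is assumed to record the TCP peer address.

```python
import ipaddress
import re

# Assumption: egress ranges of the firewall/IPS in front of the webserver.
# RFC 5737 documentation ranges, constructed for this example.
PROXY_RANGES = [ipaddress.ip_network(n)
                for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed origin access-log lines (common log format).
SAMPLE_LOG = """\
192.0.2.17 - - [14/May/2017:10:01:02 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120
203.0.113.50 - - [14/May/2017:10:01:09 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120
198.51.100.200 - - [14/May/2017:10:02:30 +0000] "GET /item.php?id=7 HTTP/1.1" 200 812
not a log line
198.51.100.9 - - [14/May/2017:10:03:00 +0000] "POST /login.php HTTP/1.1" 302 0
"""

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def from_proxy(addr):
    """True if addr belongs to one of the firewall/IPS egress ranges."""
    return any(addr in net for net in PROXY_RANGES)


def direct_hits(log_text):
    """Return (client_ip, timestamp, method, path) for every request that
    reached the webserver without passing through the firewall/IPS."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not access-log entries
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # first field is a hostname or garbage, not an IP
        if not from_proxy(addr):
            hits.append((str(addr), m.group(2), m.group(3), m.group(4)))
    return hits


if __name__ == "__main__":
    for ip, ts, method, path in direct_hits(SAMPLE_LOG):
        print(f"direct-to-origin request: {ip} [{ts}] {method} {path}")
```

Any hit means the webserver accepts connections from outside the firewall/IPS; restricting inbound traffic on the webserver to those ranges closes the path.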