Official Usage Discussion

Only commenting to complain about the SQL injection. very frustrating to constantly get DC’d and ended up spending most of my time just sitting around letting sqlmap do its thing. After that, User was very easy.

also went down a rabbithole with root and a different binary but that wasn’t so bad.

Sqlmap is a background process, that’s one of the early things you do while you look through other attack vectors.

Hi Matt,
Can you please advise on how you automate SQLMap to run in the background?
The way I use SQL Map is downloading the request from Burp and sending that to SQL Map to try inject a specific parameter.

The reference to running SQL in the background means that as SQLmap runs in the terminal, you would be in the browser looking at the website for vulnerabilities, or off in another terminal tab setting up a directory or sub-host fuzzer or some such. Nmap and SQLmap and other enumeration functions that are time-consuming work best when you begin with them and let them run in the background while you focus your attention on other things.