A request file is useful for software like SQLmap to test the vulnerability of a website, database, it contains important information such as the request parameters and cookies, therefore, it’s beneficial to learn how to create it from burp suite.
1. Configure proxy in your web browser, point to browser Burp proxy (127.0.0.1:8080) .
Burp set to intercept in the proxy > intercept tab, make sure the “Intercept is on” button is active, as shown bellow.
2. Open browser,find the login page, browse to target site http://vulnweb.com/Login.asp. Click on the submit button on the login form
3. Switch to the burp suite proxy > intercept , you can see, Burp catches the POST request and waits, at this stage, you can see some data in the raw tab.
4. Copy the POST request to a text file, or right click in the raw tab, copy to file. I have saved it as request.txt and placed it in the /root/Document/test directory
6. Run sqlmap as shown here; the option -r tells sqlmap to read the request.txt file to get the information to attack in the POST request. -p is the parameter we are attacking.
Note that with the -r request, you don’t have to use -u option, they are incompatible with each other.