The best thing about sqlmap is that it is free & you can use it for SQL INJECTION even for POST data. This post is meant to provide you a quick look into the options that sqlmap provides for performing sql injections in post data. For all those who don't know about sqlmap, it is a database automated sql injection & database takeover tool :). If you have some experience using the free version of Havij, then I urge you to try this tool because this is the best open source tool (by default it doesnot have any GUI ), but you can get one if you like. ( I suggest you to stick with CLI version ).
The important arguments that are available for you are -
Some other important arguments that are usefull -
So a command using all these arguments would look like -
./sqlmap.py -u "URL WHERE THE DATA WILL BE POSTED" --data="POST DATA" --proxy="PROTO://IP:PORT" --proxy-cred="username:password"
For example if we have a form posting data to www.example.com/submit.php & the data is search=hello&value=submit then the command will look like this - (we are using tor network this time :P)
./sqlmap.py -u "http://www.example.com/submit.php" --data="search=hello&value=submit" --tor