Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.
Sign upGitHub is where the world builds software
Millions of developers and companies build, ship, and maintain their software on GitHub — the largest and most advanced development platform in the world.
Auth token update feature #4271
Comments
|
To maybe add to this: the |
|
@stamparm |
|
Great THC asks me whether I recall him :D. Life tends to be funny sometimes. Thing is that I am aware of this "problem" of yours and that I had couple of similar requests before, though, currently I am not sure what would be the "optimal" way to do it in the code itself. Until I implement something useful, maybe there is a nice workaround described here (Note: |
|
ah that was five years ago :) you only remember me because of my good hair :p I feared that this would be the only possible workaround. |
I fuzz a target with a complex request I read in with -r.
That requests has special headers (no cookies) that also contain auth tokens that time out after x minutes.
A fuzz run takes however 4x+ the time than the lifetime of the auth token.
It would be great if there would be a feature that executes a python script on an event (in my case: HTTP code 401) and then re-read the -r file, hence the python script would get a new token and write it to the file.
My current workaround is to see at which item from the request sqlmap was fuzzing when it is terminating because the auth token has timed out, and skip all items that were completed until then with --skip, but that is a lot of hands-on work.
I think my problem is actually common so either there is already a way to deal with that and I didn't find it, or this is a feature that would be very useful.
Thank you!