Auth token update feature

[vanhauser-thc]

I fuzz a target with a complex request I read in with -r.
That requests has special headers (no cookies) that also contain auth tokens that time out after x minutes.
A fuzz run takes however 4x+ the time than the lifetime of the auth token.

It would be great if there would be a feature that executes a python script on an event (in my case: HTTP code 401) and then re-read the -r file, hence the python script would get a new token and write it to the file.

My current workaround is to see at which item from the request sqlmap was fuzzing when it is terminating because the auth token has timed out, and skip all items that were completed until then with --skip, but that is a lot of hands-on work.

I think my problem is actually common so either there is already a way to deal with that and I didn't find it, or this is a feature that would be very useful.

Thank you!

[vanhauser-thc]

To maybe add to this:

the --preprocess feature could be used for this, however what is needed is a way to
a) trigger sqlmap to re-read the -r request file, and
b) resend the last request that resulted in a 401 (the preprocess script would need to check it is not the same request over and over triggering it as it would other ways loop forever)

[vanhauser-thc]

@stamparm
Hey Miroslav, we met at navaja negro in 2015, we were the only non-spanish speaking presenters there ... :)
I would appreciate if you could give me a quick hint if there is a workaround for my problem or not. thank you!

[stamparm]

Great THC asks me whether I recall him :D. Life tends to be funny sometimes.

Thing is that I am aware of this "problem" of yours and that I had couple of similar requests before, though, currently I am not sure what would be the "optimal" way to do it in the code itself.

Until I implement something useful, maybe there is a nice workaround described here (Note: nightmare-tamper.py). Thing is that tamper scripts are great in this kind of cases as headers are also available for update during their run. It would not currently be the "best" solution for your issue as it would retrieve new auth token before each request, but it could provide an easy way to deal with it.

[vanhauser-thc]

ah that was five years ago :) you only remember me because of my good hair :p

I feared that this would be the only possible workaround.
Any easy improvement though is to do this once, save a counter + token in a file, read it in every time the script and once the counter reaches 500 perform it again.
otherwise it will quadruple the test time
Thanks!