Hi Jeremy.

Well, Basic and other supported authentications should reauthenticate
automatically, as you already know.

Web authentication is supported via cookies, which you are probably
using if I am not mistaken.

Doing plain web authentication is not supported out of the box because
every authentication form has its own parameters that need to be
supplied (not standardized).

Now, we are open to suggestions. We can support the kind of
things that you require, but we need some generic approach. For
example, we could support one more type of authorization where, if
there is a form with stated parameter names, then sqlmap could
automatically fill them and send them.

kr

On Thu, Jun 9, 2011 at 5:19 PM, Jeremy Mendiola <vis...@gmail.com> wrote:
> Hi,
>
> during my pentests I've found several Blind SQL Injections that could be
> exploited just by authenticated users (I obviously mean web authentication,
> not NTLM/Basic authentication).
> In most of these cases, a FALSE boolean response of a SQL injection logged
> the user off, and I needed to re-authenticate to launch the exploit again. Is
> there a way to configure sqlmap to re-authenticate automatically in case of
> a FALSE response? Some sort of a two-step injection (authentication +
> injection) in particular cases (e.g. FALSE response)?
>
> Best regards,
>
> Jeremy
>



-- 
Miroslav Stampar

E-mail: miroslav.stampar (at) gmail.com
PGP Key ID: 0xB5397B1B

_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
