I dont think second order option will work as that is specifiing where to
look for injection results, which might result in your underlying injection
failing if the results are not to be found there.
There is however options in latest version that appear to be for just this
type of situation (although I personally haven't used them just yet):
--safe-url=SAFURL URL address to visit frequently during testing
--safe-freq=SAFREQ Test requests between two visits to a given safe URL
I believe this will ensure your session remains active during scan.
There is also the options for CSRF tokens to be snagged and parsed via:
--csrf-token=CSR.. Parameter used to hold anti-CSRF token
--csrf-url=CSRFURL URL address to visit to extract anti-CSRF token
In case the csrf token needs to be refreshed for each injection (when
injecting into forms and other typical POST injections and such).
On Mon, Apr 20, 2015 at 1:22 PM, Brandon Perry <bperry.volat...@gmail.com>
wrote:
> However, that being said, I have run into this before and had to write my
> own exploits to fully exploit the vulnerability.
>
> On Mon, Apr 20, 2015 at 1:21 PM, Brandon Perry <bperry.volat...@gmail.com>
> wrote:
>
>> There is a second order parameter, it could be used to perform this. It
>> would be requested after ever injected request were sent.
>>
>> On Mon, Apr 20, 2015 at 1:18 PM, Vojtěch Polášek <krec...@gmail.com>
>> wrote:
>>
>>> Greetings,
>>> I am testing an application which I suspect to log me out if I don't
>>> send certain post request in certain time interval.
>>> Is this possible to do with Sqlmap? I know that there is a parameter
>>> which lets me to run any python code before every request. But it is not
>>> so nice, let's say.
>>> Is there any possibility to supply a post request to safeurl? Is there
>>> anything like this planed?
>>> Thank you very much,
>>> Vojta
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
>>> Develop your own process in accordance with the BPMN 2 standard
>>> Learn Process modeling best practices with Bonita BPM through live
>>> exercises
>>> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
>>> event?utm_
>>> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
>>> _______________________________________________
>>> sqlmap-users mailing list
>>> sqlmap-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>>>
>>
>>
>>
>> --
>> http://volatile-minds.blogspot.com -- blog
>> http://www.volatileminds.net -- website
>>
>
>
>
> --
> http://volatile-minds.blogspot.com -- blog
> http://www.volatileminds.net -- website
>
>
> ------------------------------------------------------------------------------
> BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
> Develop your own process in accordance with the BPMN 2 standard
> Learn Process modeling best practices with Bonita BPM through live
> exercises
> http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual-
> event?utm_
> source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
> _______________________________________________
> sqlmap-users mailing list
> sqlmap-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>
------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
sqlmap-users mailing list
sqlmap-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/sqlmap-users
