Thank you very much, this will certainly help in automating Sqlmap.
But I think it doesn't solve my problem.
I will try to explain it once more and suggest a possible solution
which came to my mind:
I am trying to find an SQL injection flaw in an HTTP request which deletes
an object.
Before every request I need to:
1. send a POST request to create an object - every object gets a new ID
2. receive response and get new object ID
3. send the deletion request which tests for SQL injection flaw.
As far as I thought about it, the REST API won't help me here.
The --eval argument seems like the best approach for me. From the usage
page I can see that I can change parameter values in the request
through --eval. That's good. But is it also possible to access
information sent in the last response? That's all I need, I think. If I
could access information from the last response within the --eval, I could
modify the original request for deletion to delete the right object.
I guess that there is some namespace which can be accessed by my custom
script in the context of --eval, right?
What do you think about it? Do you understand it or should I provide
more information?
And one more question - in which class should I look to get a list of all
implemented methods for the REST API? I took a brief look at
lib/utils/api.py, but I can't seem to find the right class. I have never
worked with the Bottle framework before.
Thanks a lot for your help, I really appreciate it.
Best regards,
Vojtěch Polášek
