Hi, I am new to tamper scripts and I have to forge some custom headers to pass a API authentication. I need to get the http METHOD (get, post …) use by the next sqlmap resquest and the exact URL that will be use .
For exemple , in this header : [17:06:22] [TRAFFIC OUT] HTTP request [#35]: GET /1.0/iot/app/SQLIHERE HTTP/1.1 Accept-language: en-us,en;q=0.5 Accept-encoding: identity Pragma: no-cache Cache-control: no-cache,no-store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev-c59ead3 (http://sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 I want to be able to get the first line : GET /1.0/iot/app/SQLIHERE From this line , I would be able to parse for the METHOD and get the URI that I will *statically* concat with the base URL of the API. So far I have managed to compute the auth header and use sqlmap to test the API but I have to update my tamper script for each different endpoint (URI). Thanks for your help.
signature.asc
Description: Message signed with OpenPGP using GPGMail
------------------------------------------------------------------------------ Monitor Your Dynamic Infrastructure at Any Scale With Datadog! Get real-time metrics from all of your servers, apps and tools in one place. SourceForge users - Click here to start your Free Trial of Datadog now! http://pubads.g.doubleclick.net/gampad/clk?id=241902991&iu=/4140
_______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
