I checked and burp replace feature doesn't have any kind of parameter to include a incremental number. :( I'll check mitmproxy.
On Thu, Aug 18, 2016 at 4:10 PM, Ricardo Iramar dos Santos <[email protected]> wrote: > Great idea!!! Thanks!!! :) > I'll try and let you know the results. > > On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry > <[email protected]> wrote: >> You can write a burp rule that rewrites a specific value that you set in the >> SOAP body with an incrementing integer as sqlmap is exploiting the >> sqlinjection (it wouldn’t realize the parameter needed to be incremented). >> >> You can use —proxy to send sqlmap through burp. >> >>> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <[email protected]> >>> wrote: >>> >>> I have a SOAP POST request where two different should be unique. One >>> is an Email and another UserID. >>> Is there a way to inject on Email having the email domain (e.g. >>> @gmail.com) as a suffix and increment the UserID parameter (e.g. >>> starting from 100)? >>> >>> Thanks! >>> Ricardo Iramar >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> sqlmap-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> ------------------------------------------------------------------------------ _______________________________________________ sqlmap-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/sqlmap-users
