I checked and burp replace feature doesn't have any kind of parameter to include a incremental number. :( I'll check mitmproxy.
On Thu, Aug 18, 2016 at 4:10 PM, Ricardo Iramar dos Santos <rira...@gmail.com> wrote: > Great idea!!! Thanks!!! :) > I'll try and let you know the results. > > On Thu, Aug 18, 2016 at 4:07 PM, Brandon Perry > <bperry.volat...@gmail.com> wrote: >> You can write a burp rule that rewrites a specific value that you set in the >> SOAP body with an incrementing integer as sqlmap is exploiting the >> sqlinjection (it wouldn’t realize the parameter needed to be incremented). >> >> You can use —proxy to send sqlmap through burp. >> >>> On Aug 18, 2016, at 2:02 PM, Ricardo Iramar dos Santos <rira...@gmail.com> >>> wrote: >>> >>> I have a SOAP POST request where two different should be unique. One >>> is an Email and another UserID. >>> Is there a way to inject on Email having the email domain (e.g. >>> @gmail.com) as a suffix and increment the UserID parameter (e.g. >>> starting from 100)? >>> >>> Thanks! >>> Ricardo Iramar >>> >>> ------------------------------------------------------------------------------ >>> _______________________________________________ >>> sqlmap-users mailing list >>> sqlmap-users@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/sqlmap-users >> ------------------------------------------------------------------------------ _______________________________________________ sqlmap-users mailing list sqlmap-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/sqlmap-users
