[sqlmap-users] tamper scripts : is it possible to tamper or just get the method and url ?
Brought to you by:
inquisb
Menu
▾
▴
[sqlmap-users] tamper scripts : is it possible to tamper or just get the method and url ?
|
From: Vincent M. <vi...@ma...> - 2015-09-16 15:23:58
|
Hi, I am new to tamper scripts and I have to forge some custom headers to pass a API authentication. I need to get the http METHOD (get, post …) use by the next sqlmap resquest and the exact URL that will be use . For exemple , in this header : [17:06:22] [TRAFFIC OUT] HTTP request [#35]: GET /1.0/iot/app/SQLIHERE HTTP/1.1 Accept-language: en-us,en;q=0.5 Accept-encoding: identity Pragma: no-cache Cache-control: no-cache,no-store Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 User-agent: sqlmap/1.0-dev-c59ead3 (http://sqlmap.org) Accept-charset: ISO-8859-15,utf-8;q=0.7,*;q=0.7 I want to be able to get the first line : GET /1.0/iot/app/SQLIHERE From this line , I would be able to parse for the METHOD and get the URI that I will *statically* concat with the base URL of the API. So far I have managed to compute the auth header and use sqlmap to test the API but I have to update my tamper script for each different endpoint (URI). Thanks for your help. |
