Burp Session Handling Rules not Applied to Proxy
I have a macro that grabs a token value of the parameter named xxx from one HTTP response such as:
/campaign/a\">Details</a>\n<form class=\"column-buttons\" action=\"/manage/campaign/delete\" method=\"POST\">\n <input type='hidden' name='xxx' value='yyy'
In the session handling rules, I have set it to run a macro and made it applicable to Repeater and Proxy. In Repeater, when I press Go a few times, the token gets updated.
However, when running SQLmap via Burp, the token is not updated. I have also tried manually to click on the function but the token is not from the macro but from the original page.
I am using Windows 10, tried with Burp 2.1 and v2.0.13beta, Pro edition for both.
SQLmap is a Burp extension.
Have you checked the Extender box in the Session handling rule editor > Scope > Tool Scope?
My host is an IP. I'd initially thought maybe the scope for session handling is not able to detect IP addresses, and so I mapped a hostname to the IP in my hosts file.
All these still did not work for me. The fact that I can see it in the session handling tracer and not in Proxy is a sign that there should be a bug, unless there are some settings I am not aware of.
Sorry for the delay in responding. Have you tried using the SQLiPy Sqlmap Integration Extension in the BApp Store? If not, could you try using this or tell us why this wouldn’t work for you?
What issues did you have with the extension? Did you check out our tutorial page?
You can send screenshots or debug messages to firstname.lastname@example.org.