I'm trying to use sqlmap to test an application where a search is performed in two requests.
The first request-response pair is like:

```
POST /endpoint.aspx
Host: example.com
Qf_status: 0
Qf_find: searchstring
Content-Length: 0

HTTP/1.1 200 OK
Content-Length: 0
```

And the second being like:

```
POST /endpoint.aspx
Host: example.com
Eproject-Partialrender: list-part
Content-Length: 0

HTTP/1.1 200 OK
Content-Length: 10000

<search result>
```
This is an obvious target for sqlmap, but I do not know how to apply sqlmap in this way, and the sqlmap documentation doesn't help with this particular use case. What I could do, but really don't want to, is set up a proxy that takes the first request, forwards it, and returns the response from the second request. That seems inefficient for what should be a fairly common circumstance.