You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a feature request to provide an option to overwrite the HTTP response with the response from another Step within a sequence.
The reason is that I would like to test for second-order injections more easily. When looking at a multistep-form I usually have to provide input data somewhere at the beginning of the chain (ex: registration), but it is interpreted/reflect later (ex. my account).
My suggestion would be to provide an additional header like X-Stepper-Response: SequenceName:StepName which could be added to a request for which the response is overwritten with the response of SequenceName:StepName.
That would allow to test for second order vulnerabilities easier using built-in functions like the scanner or the intruder.
Thanks for considering, great plugin!
The text was updated successfully, but these errors were encountered:
This is a feature request to provide an option to overwrite the HTTP response with the response from another Step within a sequence.
The reason is that I would like to test for second-order injections more easily. When looking at a multistep-form I usually have to provide input data somewhere at the beginning of the chain (ex: registration), but it is interpreted/reflect later (ex. my account).
My suggestion would be to provide an additional header like
X-Stepper-Response: SequenceName:StepNamewhich could be added to a request for which the response is overwritten with the response of SequenceName:StepName.That would allow to test for second order vulnerabilities easier using built-in functions like the scanner or the intruder.
Thanks for considering, great plugin!
The text was updated successfully, but these errors were encountered: