Feature Request: 302 redirect - option to display the GET/POST data that triggered the redirect

[phobosgroup]

What's the problem (or question)?

sqlmap will sometimes trigger a login event when pointed at a login page by bypassing the actual login during its testing process. If this happens, it would be awesome to get the actual string (to then use with curl, burp, or other tools) to be displayed, or otherwise to give the user a notification saying "oops, it looks like we logged in, here's the resulting session cookie".

Do you have an idea for a solution?

Yes - just display the data that is already collected for debug purposes to the user. This could be appended to the 302 redirect handler so that if 'suddenly when testing a page it gets redirected to another page', its highly likely that one of the tests has bypassed the login.

[Viss]

hah, oops, I posted this with the company account.

[stamparm]

Well, you have multiple mechanisms to do that. You have -t traffic.txt to collect all the requests and responses to the textual file, you have -v (e.g. -v 6) to display all the traffic live in console, etc.

One important thing. Redirects (of any kind) are something that occurs quite often. sqlmap does not have a mechanism to distinguish whether some request was a result of successful login, or maybe some protection mechanism got introduced in the middle of test, or ....

I could do some generic stuff, but I am really scared that users won't know what to do with that info. Also, in lots of cases, claiming that something was resulting with "successful" login will introduce lots and lots of new issue where people will nag how they are getting some new "false positives"

[Viss]

Ah. You make good points.
I used -v 4 to find the input which resulted in the redirect the first time. Perhaps in addition to asking "would you like to follow the redirect", sqlmap could also ask "would you like to see the input that caused the redirect' - hopefully phrasing it that way doesn't presume "successful login", and people who dont care about it can just say no..

[4val0v]

@stamparm I have a better idea:
Once the sqlmap sees the request for a redirect, in the background go to the page and look for a response using regular expressions:

(log[_\-\s]?out|sign[_\-\s]?out|log[_\-\s]?off|sign[_\-\s]?off|exit|quit|bye-bye|clearuser|invalidate|выход|выйти|закрыть сеанс|завершить сеанс|закончить сеанс|завершить работу|закончить работу|выйти из системы|выход из системы)

As soon as it finds a coincidence about the exit from the site, we can offer the user cookies