You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
At the moment, I need to clone the same sequence multiple times to support multi threading. This is how I did it for example in a project when I needed multi-threading in Intruder:
I created transaction-sign0 to transaction-sign3 sequences using export and import function for cloning
The Hackvertor extension then used in Intruder to call each sequence separately (Intruder payload was set to sequential numbers): x-stepper-execute-before: transaction-sign<@set_variable1('false')><@arithmetic(4,'%',',')>§0§<@/arithmetic><@/set_variable1>
The above header would call four Stepper sequence from number 0 to 3 after the ‘transaction-sign’ string.
The request body in Intruder was also updated to get its parameters from the relevant sequence. The following string shows how the ‘id’ parameter was set as an example: {"signatures":[{"id":$VAR:transaction-sign<@get_variable1/>:sigid$,"deviceType":"FOOBAR",...
The <@get_variable1/> tag is set by the Hackvertor extension as it has already been set in the header of the same HTTP request using the <@set_variable1 tag.
If I use a sequence in Intruder, it limits me to 1 thread as stepper has a visualize way of showing the results. I am not sure how this can be done without a major architectural change though. Perhaps when a trigger signal comes from scanners, extensions, and intruder, instead of showing the result in the stepper panel to cause a dead lock, do everything asynchronously without updating the UI as if they were separate sequences (remember that variables need to point to the result of these sequences so perhaps a cheat can be by updating the $VAR:sequenceName:sigid$ to $VAR:sequenceName[randomNonceHere]:sigid$ when processing the incoming request as well the sequences themselves).
If a sequence also relies on another sequence by calling x-stepper-execute-before it may again cause a deadlock or even denial of service so it needs to be investigated.
The text was updated successfully, but these errors were encountered:
At the moment, I need to clone the same sequence multiple times to support multi threading. This is how I did it for example in a project when I needed multi-threading in Intruder:
transaction-sign0totransaction-sign3sequences using export and import function for cloningx-stepper-execute-before: transaction-sign<@set_variable1('false')><@arithmetic(4,'%',',')>§0§<@/arithmetic><@/set_variable1>The above header would call four Stepper sequence from number 0 to 3 after the ‘transaction-sign’ string.
{"signatures":[{"id":$VAR:transaction-sign<@get_variable1/>:sigid$,"deviceType":"FOOBAR",...The
<@get_variable1/>tag is set by the Hackvertor extension as it has already been set in the header of the same HTTP request using the<@set_variable1tag.If I use a sequence in Intruder, it limits me to 1 thread as stepper has a visualize way of showing the results. I am not sure how this can be done without a major architectural change though. Perhaps when a trigger signal comes from scanners, extensions, and intruder, instead of showing the result in the stepper panel to cause a dead lock, do everything asynchronously without updating the UI as if they were separate sequences (remember that variables need to point to the result of these sequences so perhaps a cheat can be by updating the
$VAR:sequenceName:sigid$to$VAR:sequenceName[randomNonceHere]:sigid$when processing the incoming request as well the sequences themselves).If a sequence also relies on another sequence by calling
x-stepper-execute-beforeit may again cause a deadlock or even denial of service so it needs to be investigated.The text was updated successfully, but these errors were encountered: