When I attempt to use --eval on a cookie/header value, it only makes to correct substitutions when checking the stability of the URL. Once the payloads start being inserted, the evals value is no longer applied.
So if I run the following:
./sqlmap.py -v 6 -r req.txt --eval="import base64;SessionID=base64.b64encode(SessionID.encode('latin1'))"
against the following sample request:
GET /index.php HTTP/1.1
Host: 127.0.0.1:9000
Cookie: SessionID=blah*
Connection: close
So I would expect that all this value should always be substituted, but perhaps I am using it incorrectly :P
I tested this against the latest commit which was, at the time of testing: 38d74cf
When I attempt to use --eval on a cookie/header value, it only makes to correct substitutions when checking the stability of the URL. Once the payloads start being inserted, the evals value is no longer applied.
So if I run the following:
./sqlmap.py -v 6 -r req.txt --eval="import base64;SessionID=base64.b64encode(SessionID.encode('latin1'))"against the following sample request:
So I would expect that all this value should always be substituted, but perhaps I am using it incorrectly :P
I tested this against the latest commit which was, at the time of testing: 38d74cf