After beating my head off the wall for an hour or so I finally figured out an interesting way to do this. Extensive Googling didn’t turn anything up so I decided to post here for future reference and to save others the headache.

360 Mobile Vision - 360mobilevision.com North & South Carolina Security products and Systems Installations for Commercial and Residential - $55 Hourly Rate. ACCESS CONTROL, INTRUSION ALARM, ACCESS CONTROLLED GATES, INTERCOMS AND CCTV INSTALL OR REPAIR 360 Mobile Vision - 360mobilevision.com is committed to excellence in every aspect of our business. We uphold a standard of integrity bound by fairness, honesty and personal responsibility. Our distinction is the quality of service we bring to our customers. Accurate knowledge of our trade combined with ability is what makes us true professionals. Above all, we are watchful of our customers interests, and make their concerns the basis of our business.
This is a pretty common and necessary task. Some good examples of when you may need to do it are to deal with CSRF tokens that update on every request or test for SQL injection in a multistep process. BURP macros and Session Handling can deal with these scenarios but for some reason sqlmap doesn’t like to be proxied for HTTPS URL’s, I think it’s probably because of the certificate that BURP uses.
Anyways doing it is quite easy once you figure it out. Just enable your proxy and under Proxy -> Options -> Request Handling, select “Force Use of SSL”. Then in sqlmap, feed it a plain http url rather than https. BURP will translate this to HTTPS when it receives requests.
Now you can let BURP work its macro and session handling magic on the sqlmap requests!

By admin