Description
This is a feature request to provide an option to overwrite the HTTP response with the response from another Step within a sequence.
The reason is that I would like to test for second-order injections more easily. When looking at a multistep form, I usually have to provide input data somewhere at the beginning of the chain (e.g. registration), but it is interpreted/reflected later (e.g. my account).
My suggestion would be to provide an additional header like X-Stepper-Response: SequenceName:StepName, which could be added to a request for which the response is overwritten with the response of SequenceName:StepName.
That would make it easier to test for second-order vulnerabilities using built-in functions like the scanner or the intruder.
Thanks for considering, great plugin!