CoreyD97
commented
3 years ago Thanks for the suggestion!
Whilst this is something that the plugin could benefit from, it's unlikely to be on my priority list at the moment, as there are a number of transformations etc that may be required depending on the application being tested, which would take some work to implement.
Instead, I've made sure that the application is compatible with https://github.com/PortSwigger/hackvertor and so provided Hackvertor is lower in the extension list than Stepper, you should be able to use Hackvertor tags to achieve this and many other similar behaviors in the meantime.
Let me know if you have any issues
I've run into a limitation of the tool that is causing some problems in testing. I am attempting to take a b64 encoded string from one response and submit it as form data in the subsequent POST. The string needs to be url encoded or the server rejects the request. I've hunted around and it doesn't appear that it's currently possible to do that directly within the tool. Maybe adding a similar option to what's in the intruder for url encoding certain special characters?