I am using Stepper to scan a REST API with an aggressive attack detection. If the server thinks a request is an attack, it invalidates the session. To get around that I run an authentication sequence before every scanner request. First I send a request to Repeater, edit it adding X-Stepper-Execute-Before: Auth (Auth is the name of my sequence) header and a header with an authorization token variable coming from the Stepper sequence, then I use Scan function from context menu. This seems to work fine for about 30-50 requests. I see in the Logger tool that the authentication requests are sent and the scanner request is updated with a new token. After that the scan hangs. It stops sending requests, there is no errors in the Event Log in Dashboard and no errors by Stepper in the Extension Output or Errors. The last request I see in the log is successful and does not seem to be any different from the previous ones. How can I troubleshoot this problem?
I am using Stepper to scan a REST API with an aggressive attack detection. If the server thinks a request is an attack, it invalidates the session. To get around that I run an authentication sequence before every scanner request. First I send a request to Repeater, edit it adding X-Stepper-Execute-Before: Auth (Auth is the name of my sequence) header and a header with an authorization token variable coming from the Stepper sequence, then I use Scan function from context menu. This seems to work fine for about 30-50 requests. I see in the Logger tool that the authentication requests are sent and the scanner request is updated with a new token. After that the scan hangs. It stops sending requests, there is no errors in the Event Log in Dashboard and no errors by Stepper in the Extension Output or Errors. The last request I see in the log is successful and does not seem to be any different from the previous ones. How can I troubleshoot this problem?