benteveo-kiwi / benteveo-toolbox

A burp extension that allows for IDOR testing and facilitates automatic scanning.

Incorrectly marking as fuzzed when logged out #34

Closed SamJoan closed 4 years ago

SamJoan commented 4 years ago

Test case:

[image: screenshot of the test case, attached to the original issue]

In the image above, if the session is logged out, we will be redirected to /login. What is currently happening is that when the session is valid, the engine will compare the new request against the old request and initiate fuzzing.

What is currently happening when the session is invalid, however, and this is where the bug lies, is that we are comparing the 301 redirect to login against the previous redirect to login and therefore considering the request "reproducible". We need a test for this specific scenario, as otherwise we will fuzz with an expired session and miss bugs.

SamJoan commented 4 years ago

A good possible fix, instead of dealing with heuristics, would be to:

  1. prior to doing any more fuzzing, do another session check.
  2. prior to setting as fuzzed, do another session check and only save if the session is valid.

SamJoan commented 4 years ago

This is fixed in v0.2.2

```python
# Re-run the session check once fuzzing is done; only the first return value
# (whether the session-check request still reproduces) is used here.
sessionCheckReproducible, _ = resend_session_check(self.state, self.callbacks, textAreaText)

if request.wasReproducible() and sessionCheckReproducible:
    # Both the target request and the session check still reproduce: safe to mark.
    self.state.endpointTableModel.setFuzzed(endpoint, True)
    log("Finished fuzzing %s" % endpoint.url)
elif not request.wasReproducible():
    log("Fuzzing complete but did not mark as fuzzed because no longer reproducible at %s." % endpoint.url)
else:
    # The target reproduced but the session check did not: the session has
    # expired, so the fuzzing results cannot be trusted.
    log("Fuzzing complete but did not mark as fuzzed because the session check request is no longer reproducible.")
    raise SessionCheckNotReproducibleException("Base request no longer reproducible.")
```
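The following is an added, self-contained example (not benteveo-toolbox code and not written by the issue author) that replays the false positive described in the first comment and the two-step session-check fix from the later comments. The fake target application, the cookie values, the endpoint paths and every function and class name are assumptions made for the illustration; the only thing taken from the issue is the logic: a target request whose baseline is itself a login redirect "reproduces" when resent with an expired session, and the fix is to resend a session-check request captured while logged in before fuzzing and again before marking the endpoint as fuzzed.

```python
"""Toy reproduction of the "marked as fuzzed while logged out" false positive
and of the session-check fix discussed in this issue.  Added example, not
benteveo-toolbox code: the fake target app, the cookie values, the endpoint
paths and all function/class names below are assumptions."""

from dataclasses import dataclass

VALID_SESSION = "sid=abc123"           # constructed: the only cookie the fake app accepts
LOGIN_REDIRECT = (301, "/login", "")   # (status, Location, body) for a logged-out request


def fake_app(path, cookie):
    """Stand-in for the target application: every path needs a valid session,
    otherwise it answers with a 301 to /login."""
    if cookie != VALID_SESSION:
        return LOGIN_REDIRECT
    return (200, "", "content of %s for user alice" % path)


@dataclass
class Request:
    path: str
    baseline: tuple       # response recorded when the request was captured
    fuzzed: bool = False


class SessionCheckNotReproducibleException(Exception):
    pass


def same_response(a, b):
    """Reproducibility test from the issue: status, Location and body must all match."""
    return a == b


def naive_reproducible(request, cookie):
    """Buggy engine: compares only the target request with its own baseline.
    If both are login redirects they match, so an expired session looks fine."""
    return same_response(fake_app(request.path, cookie), request.baseline)


def session_check_reproducible(session_check, cookie):
    """The fix: resend the session-check request, whose baseline was recorded
    while logged in, and compare it with that baseline."""
    return same_response(fake_app(session_check.path, cookie), session_check.baseline)


def fuzz_endpoint(request, session_check, cookie, fuzz=lambda req, c: None):
    """Fixed flow from the issue: check the session before fuzzing, fuzz, then
    check it again and only mark the endpoint as fuzzed if both checks pass."""
    if not session_check_reproducible(session_check, cookie):
        raise SessionCheckNotReproducibleException("Base request no longer reproducible.")
    fuzz(request, cookie)
    if naive_reproducible(request, cookie) and session_check_reproducible(session_check, cookie):
        request.fuzzed = True
    return request.fuzzed


def scenario():
    """Replays the issue: the session check was captured while logged in, the
    target's baseline after the session had already expired (constructed)."""
    check = Request("/account", baseline=fake_app("/account", VALID_SESSION))
    expired = "sid=expired"
    stale_target = Request("/account/export", baseline=fake_app("/account/export", expired))

    results = {}
    # The bug: redirect == redirect, so the old engine would fuzz and mark this.
    results["naive_says_reproducible"] = naive_reproducible(stale_target, expired)
    results["session_check_ok"] = session_check_reproducible(check, expired)
    try:
        fuzz_endpoint(stale_target, check, expired)
        results["fixed_engine"] = "fuzzed"
    except SessionCheckNotReproducibleException:
        results["fixed_engine"] = "refused: session check not reproducible"

    # With a live session the fixed engine still marks a good endpoint as fuzzed.
    live_target = Request("/account/export", baseline=fake_app("/account/export", VALID_SESSION))
    results["live_session_fuzzed"] = fuzz_endpoint(live_target, check, VALID_SESSION)
    return results


if __name__ == "__main__":
    for name, value in scenario().items():
        print("%s: %s" % (name, value))
```

Running the script prints that the naive comparison reports the stale target as reproducible, that the session check does not reproduce with the expired cookie, that the fixed flow refuses to mark the endpoint, and that with the valid cookie the same flow marks the endpoint as fuzzed. The session-check request must be one whose logged-in response differs from the login redirect, otherwise the second comparison degenerates into the same redirect-versus-redirect match as the original bug.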