1
id: flow-multi-payload-iteration
2

3
info:
4
  name: Flow with multiple payload iterations
5
  author: test
6
  severity: info
7

8
flow: http()
9

10
http:
11
  - raw:
12
      - |
13
        GET /step1 HTTP/1.1
14
        Host: {{Hostname}}
15

16
      - |
17
        POST /login HTTP/1.1
18
        Host: {{Hostname}}
19
        Content-Type: application/x-www-form-urlencoded
20

21
        username={{user}}&password={{pass}}
22

23
      - |
24
        GET /data?user={{user}} HTTP/1.1
25
        Host: {{Hostname}}
26

27
    attack: pitchfork
28
    payloads:
29
      user:
30
        - admin
31
        - guest
32
      pass:
33
        - secret1
34
        - secret2
35

36
    stop-at-first-match: true
37

38
    matchers-condition: and
39
    matchers:
40
      - type: word
41
        part: body_1
42
        words:
43
          - "step1-ok"
44

45
      - type: word
46
        part: body_2
47
        words:
48
          - "login-ok"
49

50
      - type: word
51
        part: body_3
52
        words:
53
          - "data-ok"
54

55