Multithreading when using a sequence #52
Description
At the moment, I need to clone the same sequence multiple times to support multi threading. This is how I did it for example in a project when I needed multi-threading in Intruder:
- I created
transaction-sign0totransaction-sign3sequences using export and import function for cloning - The Hackvertor extension then used in Intruder to call each sequence separately (Intruder payload was set to sequential numbers):
x-stepper-execute-before: transaction-sign<@set_variable1('false')><@arithmetic(4,'%',',')>§0§<@/arithmetic><@/set_variable1>
The above header would call four Stepper sequence from number 0 to 3 after the ‘transaction-sign’ string. - The request body in Intruder was also updated to get its parameters from the relevant sequence. The following string shows how the ‘id’ parameter was set as an example:
{"signatures":[{"id":$VAR:transaction-sign<@get_variable1/>:sigid$,"deviceType":"FOOBAR",...
The<@get_variable1/>tag is set by the Hackvertor extension as it has already been set in the header of the same HTTP request using the<@set_variable1tag.
If I use a sequence in Intruder, it limits me to 1 thread as stepper has a visualize way of showing the results. I am not sure how this can be done without a major architectural change though. Perhaps when a trigger signal comes from scanners, extensions, and intruder, instead of showing the result in the stepper panel to cause a dead lock, do everything asynchronously without updating the UI as if they were separate sequences (remember that variables need to point to the result of these sequences so perhaps a cheat can be by updating the $VAR:sequenceName:sigid$ to $VAR:sequenceName[randomNonceHere]:sigid$ when processing the incoming request as well the sequences themselves).
If a sequence also relies on another sequence by calling x-stepper-execute-before it may again cause a deadlock or even denial of service so it needs to be investigated.