Hi there! I’m using mitmdump with a custom script to ensure that my requests always have a valid (custom) authentication header in the request. I’m using mitmdump as an upstream proxy in conjunction with Burp’s scanner, so the requests that come through are automated. Essentially, I need to maintain a couple of global variables between each request/response to indicate whether or not a particular header value is still valid. If a given response indicates that the session token is invalid, I would want to update a global flag to indicate that I need a new auth token. My next request would need to inspect that flag and perform the appropriate steps to grab a new auth token if needed, save it to another global var and reset the global “is valid” flag. That globally saved auth token would then need to be added/updated on the outbound request.
So in essence:

global vars:
    isValidSess, authToken

response code:
    if response body/status/whatever indicates an invalid session then
        set isValidSess = false

request code:
    if isValidSess == false, then
        perform side task to get a new token
        save new auth token to authToken
        set isValidSess = true
    update outbound headers so that authToken is added to the request

What would be the best method to maintain session between the separate req/resp pairs? I’m saying “global variable”, but it’s only to get the idea across of what I’m looking to do…and I’m a bit new to Python.
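
One way to keep that state, as an added example that is not part of the original post: a mitmproxy addon class whose instance attributes take the place of the globals. The header name X-Auth-Token, the 401 check and the fetch_token callable are assumptions standing in for the custom header, the invalid-session signal and the side task.

```python
import threading
from types import SimpleNamespace

AUTH_HEADER = "X-Auth-Token"  # assumption: name of the custom auth header
INVALID_STATUS = 401          # assumption: how the app signals a dead session


class SessionKeeper:
    """Addon object: mitmproxy calls request()/response() on it for every flow."""

    def __init__(self, fetch_token):
        self.fetch_token = fetch_token  # hypothetical callable returning a fresh token
        self.auth_token = None          # replaces the global authToken
        self.is_valid = False           # replaces the global isValidSess
        self.lock = threading.Lock()    # guards the state if hooks run on several threads

    def request(self, flow):
        with self.lock:
            if not self.is_valid:
                self.auth_token = self.fetch_token()
                self.is_valid = True
            # Always overwrite, so a stale token set by the scanner never goes out.
            flow.request.headers[AUTH_HEADER] = self.auth_token

    def response(self, flow):
        sent = flow.request.headers.get(AUTH_HEADER)
        with self.lock:
            # Only invalidate if the rejected token is the current one; a late
            # 401 for an already-replaced token must not force another refresh.
            if flow.response.status_code == INVALID_STATUS and sent == self.auth_token:
                self.is_valid = False


def constructed_fetch_token():
    """Constructed stand-in for the real login step; returns token-1, token-2, ..."""
    constructed_fetch_token.count += 1
    return f"token-{constructed_fetch_token.count}"

constructed_fetch_token.count = 0

# mitmproxy picks up addon instances from this module-level list.
addons = [SessionKeeper(constructed_fetch_token)]


def make_flow(status=200):
    """Constructed fake flow for offline testing; real flows come from mitmproxy."""
    return SimpleNamespace(request=SimpleNamespace(headers={}),
                           response=SimpleNamespace(status_code=status))
```

Saved as a script (for example session_keeper.py, a hypothetical name), it loads with mitmdump -s session_keeper.py once constructed_fetch_token is replaced by the real token request.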