From 780dbd1c64690726eed291e77f9a2fc12d230610 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 23 Oct 2014 11:42:30 +0200
Subject: [PATCH] Update for an Issue #2
---
 lib/core/target.py | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/lib/core/target.py b/lib/core/target.py
index 343cb32a2..11910a2d9 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -349,6 +349,16 @@ def _setRequestParams():
 errMsg = "CSRF protection token parameter '%s' not " % conf.csrfToken
 errMsg += "found in provided GET and/or POST values"
 raise SqlmapGenericException(errMsg)
+ else:
+ for place in (PLACE.GET, PLACE.POST):
+ for parameter in conf.paramDict.get(place, {}):
+ if parameter.lower().startswith("csrf"):
+ message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
+ message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
+ test = readInput(message, default="N")
+ if test and test[0] in ("y", "Y"):
+ conf.csrfToken = parameter
+ break
 def _setHashDB():
 """
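Review bot: The single `break` at the end of the added block can only leave the inner `for parameter` loop, so after a match in `PLACE.GET` the outer loop still scans `PLACE.POST` and may prompt a second time, with a second "y" overwriting `conf.csrfToken`. Adding `if conf.csrfToken: break` after the inner loop would stop at the first accepted parameter; this assumes the `else:` branch runs only when no token was configured, which cannot be confirmed because the matching `if` is outside the hunk. The `startswith("csrf")` test also skips names that carry the marker elsewhere, such as `_csrf`; `"csrf" in parameter.lower()` would cover those. Indentation is lost on this page and `_setRequestParams` starts outside the hunk, so the nesting described here is inferred.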