Capturing multiple values via extractors regex, how to iterate?

[hktalent]

hello @ehsandeep
Capturing multiple values via extractors regex

extractors:
      - type: regex
        part: body
        name: token
        internal: true
        group: 2
        regex:
          - '(token)="(.*)"'

I want to make multiple iterations of the request below, how should I write it?

thanks

      - |+
        GET /api/v1/xxx/ HTTP/1.1
        Host: {{Hostname}}
        Authorization: Bearer {{token}}
        User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36
        Referer: https://{{Hostname}}
        Accept-Encoding: gzip, deflate
        Accept-Language: en-US,en;q=0.9
        Connection: close

I know that the following can take effect when the variable is a collection, but I am not sure whether the extractors rules can capture a collection and use it for iteration

 attack: clusterbomb  # Available options: sniper, pitchfork and clusterbomb

In addition, can you give an example on how to define global variables so that they can be referenced in yaml? For example definition: token:
([A-Za-z0-9-]+.[A-Za-z0-9-]+.[A-Za-z0-9-_]{256})|([ A-Za-z0-9+/]{48,172}=*)|([A-Za-z0-9+/=]{256})|([A-Za-z0-9]{32,128} )|([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F ]{4}-[0-9a-fA-F]{12})

OAuth 2.0 access token:

Length: 32 bits

Regular:[A-Za-z0-9]{32}

JWT token:

Length: 256 bits

Regular: [A-Za-z0-9+/=]{256}

Session token:

Length: 128 bits

Regular:[A-Za-z0-9]{128}

CSRF token:

Length: 32 bits

Regular:[A-Za-z0-9]{32}

Analysis:

OAuth 2.0 access token and CSRF token use random 32 digits of letters and numbers
JWT token uses Base64 encoding, so it contains letters, numbers and +/= symbols, and is 256 bits in length
Session token uses 128 random digits of letters and numbers
Both use [] to match a specified number of characters, and {n} to match exactly n characters.
Add A-Za-z0-9 to match all uppercase and lowercase letters and numbers
The addition of +/= in the JWT token indicates that it also matches the special symbols contained in Base64.

[fl0mb]

any updates?
I would like to extract something and send a request to the extracted result. My variable does however have multiple matches and is thus not valid:

http:
  - method: GET
    path:
      - "{{BaseURL}}"

    extractors:
      - type: regex
        part: all
        internal: true
        name: loginurl
        regex:
            - "https:\\/\\/(login\\.microsoftonline\\.(com|us|cn)"

  - method: GET
    path: 
      - "{{loginurl}}"

Reported Error

[WRN] [microsoft-entra-login] Could not execute step: [:RUNTIME] got following errors while executing flow <- [:RUNTIME] failed to execute http:2 protocol <- [http:RUNTIME] failed to parse url [https://login.microsoftonline.com https://login.microsoftonline.com] while creating http request