mirror of
https://github.com/ffuf/ffuf
synced 2024-11-10 14:14:24 +00:00
Added POST data fuzzing
This commit is contained in:
parent
0875ade878
commit
466a011db9
2 changed files with 7 additions and 0 deletions
6
main.go
6
main.go
|
@ -50,6 +50,7 @@ func main() {
|
||||||
flag.BoolVar(&conf.TLSSkipVerify, "k", false, "Skip TLS identity verification (insecure)")
|
flag.BoolVar(&conf.TLSSkipVerify, "k", false, "Skip TLS identity verification (insecure)")
|
||||||
flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
|
flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
|
||||||
flag.StringVar(&opts.filterSize, "fs", "", "Filter HTTP response size")
|
flag.StringVar(&opts.filterSize, "fs", "", "Filter HTTP response size")
|
||||||
|
flag.StringVar(&conf.Data, "d", "", "POST data.")
|
||||||
//flag.StringVar(&opts.filterRegex, "fr", "", "Filter regex")
|
//flag.StringVar(&opts.filterRegex, "fr", "", "Filter regex")
|
||||||
//flag.StringVar(&opts.filterReflect, "fref", "", "Filter reflected payload")
|
//flag.StringVar(&opts.filterReflect, "fref", "", "Filter reflected payload")
|
||||||
flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307", "Match HTTP status codes from respose")
|
flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307", "Match HTTP status codes from respose")
|
||||||
|
@ -132,9 +133,14 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
|
||||||
errlist = multierror.Append(errlist, fmt.Errorf("Header defined by -H needs to have a value. \":\" should be used as a separator."))
|
errlist = multierror.Append(errlist, fmt.Errorf("Header defined by -H needs to have a value. \":\" should be used as a separator."))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//Search for keyword from URL and POST data too
|
||||||
if strings.Index(conf.Url, "FUZZ") != -1 {
|
if strings.Index(conf.Url, "FUZZ") != -1 {
|
||||||
foundkeyword = true
|
foundkeyword = true
|
||||||
}
|
}
|
||||||
|
if strings.Index(conf.Data, "FUZZ") != -1 {
|
||||||
|
foundkeyword = true
|
||||||
|
}
|
||||||
|
|
||||||
if !foundkeyword {
|
if !foundkeyword {
|
||||||
errlist = multierror.Append(errlist, fmt.Errorf("No FUZZ keywords found in headers or URL, nothing to do."))
|
errlist = multierror.Append(errlist, fmt.Errorf("No FUZZ keywords found in headers or URL, nothing to do."))
|
||||||
}
|
}
|
||||||
|
|
|
@ -47,6 +47,7 @@ func (r *SimpleRunner) Prepare(input []byte) (ffuf.Request, error) {
|
||||||
}
|
}
|
||||||
req.Input = input
|
req.Input = input
|
||||||
req.Url = strings.Replace(r.config.Url, "FUZZ", string(input), -1)
|
req.Url = strings.Replace(r.config.Url, "FUZZ", string(input), -1)
|
||||||
|
req.Data = []byte(strings.Replace(r.config.Data, "FUZZ", string(input), -1))
|
||||||
return req, nil
|
return req, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue