Added POST data fuzzing

This commit is contained in:
Joona Hoikkala 2018-11-08 11:49:06 +02:00
parent 0875ade878
commit 466a011db9
No known key found for this signature in database
GPG key ID: D5AA86BBF9B29A5C
2 changed files with 7 additions and 0 deletions

View file

@ -50,6 +50,7 @@ func main() {
flag.BoolVar(&conf.TLSSkipVerify, "k", false, "Skip TLS identity verification (insecure)") flag.BoolVar(&conf.TLSSkipVerify, "k", false, "Skip TLS identity verification (insecure)")
flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response") flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
flag.StringVar(&opts.filterSize, "fs", "", "Filter HTTP response size") flag.StringVar(&opts.filterSize, "fs", "", "Filter HTTP response size")
flag.StringVar(&conf.Data, "d", "", "POST data.")
//flag.StringVar(&opts.filterRegex, "fr", "", "Filter regex") //flag.StringVar(&opts.filterRegex, "fr", "", "Filter regex")
//flag.StringVar(&opts.filterReflect, "fref", "", "Filter reflected payload") //flag.StringVar(&opts.filterReflect, "fref", "", "Filter reflected payload")
flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307", "Match HTTP status codes from respose") flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307", "Match HTTP status codes from respose")
@ -132,9 +133,14 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
errlist = multierror.Append(errlist, fmt.Errorf("Header defined by -H needs to have a value. \":\" should be used as a separator.")) errlist = multierror.Append(errlist, fmt.Errorf("Header defined by -H needs to have a value. \":\" should be used as a separator."))
} }
} }
//Search for keyword from URL and POST data too
if strings.Index(conf.Url, "FUZZ") != -1 { if strings.Index(conf.Url, "FUZZ") != -1 {
foundkeyword = true foundkeyword = true
} }
if strings.Index(conf.Data, "FUZZ") != -1 {
foundkeyword = true
}
if !foundkeyword { if !foundkeyword {
errlist = multierror.Append(errlist, fmt.Errorf("No FUZZ keywords found in headers or URL, nothing to do.")) errlist = multierror.Append(errlist, fmt.Errorf("No FUZZ keywords found in headers or URL, nothing to do."))
} }

View file

@ -47,6 +47,7 @@ func (r *SimpleRunner) Prepare(input []byte) (ffuf.Request, error) {
} }
req.Input = input req.Input = input
req.Url = strings.Replace(r.config.Url, "FUZZ", string(input), -1) req.Url = strings.Replace(r.config.Url, "FUZZ", string(input), -1)
req.Data = []byte(strings.Replace(r.config.Data, "FUZZ", string(input), -1))
return req, nil return req, nil
} }