Mirrors/ffuf
2
0
Fork 0
mirror of https://github.com/ffuf/ffuf synced 2024-09-20 14:01:54 +00:00
Code Issues Projects Releases Packages Wiki Activity

Added POST data fuzzing

Browse source
This commit is contained in:
Joona Hoikkala 2018-11-08 11:49:06 +02:00
parent 0875ade878
commit 466a011db9
No known key found for this signature in database
GPG key ID: D5AA86BBF9B29A5C
2 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
main.go
View file

@ -50,6 +50,7 @@ func main() {
flag.BoolVar(&conf.TLSSkipVerify, "k", false, "Skip TLS identity verification (insecure)")
flag.StringVar(&opts.filterStatus, "fc", "", "Filter HTTP status codes from response")
flag.StringVar(&opts.filterSize, "fs", "", "Filter HTTP response size")
flag.StringVar(&conf.Data, "d", "", "POST data.")
//flag.StringVar(&opts.filterRegex, "fr", "", "Filter regex")
//flag.StringVar(&opts.filterReflect, "fref", "", "Filter reflected payload")
flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307", "Match HTTP status codes from respose")
@ -132,9 +133,14 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
errlist = multierror.Append(errlist, fmt.Errorf("Header defined by -H needs to have a value. \":\" should be used as a separator."))
}
}
//Search for keyword from URL and POST data too
if strings.Index(conf.Url, "FUZZ") != -1 {
foundkeyword = true
}
if strings.Index(conf.Data, "FUZZ") != -1 {
foundkeyword = true
}
if !foundkeyword {
errlist = multierror.Append(errlist, fmt.Errorf("No FUZZ keywords found in headers or URL, nothing to do."))
}

1
pkg/runner/simple.go
View file

@ -47,6 +47,7 @@ func (r *SimpleRunner) Prepare(input []byte) (ffuf.Request, error) {
}
req.Input = input
req.Url = strings.Replace(r.config.Url, "FUZZ", string(input), -1)
req.Data = []byte(strings.Replace(r.config.Data, "FUZZ", string(input), -1))
return req, nil
}