-
Notifications
You must be signed in to change notification settings - Fork 4
/
example.ini
74 lines (49 loc) · 2.57 KB
/
example.ini
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
[default]
# Job Name
name = Name
# Specify the target URL
URL = http://127.0.0.1/index.php
# Specify the HTTP method (GET or POST)
httpMethod = GET
# when using POST, specify the POST mode: (form-urlencoded, multipart, or json)
postFormat = form-urlencoded
# specify the input mode (parameter, body, cookie)
inputMode = cookie
# encoding mode. Current options are base64, base64Url, or hex
encodingMode = base64
# Specify the parameter which contains the vulnerable variable
vulnerableParameter = auth
# Additional Parameters (specified in a dictionary as a key/value pair). Be sure to use double quotes.
additionalParameters = {}
# Set the blocksize for the target
blocksize = 8
# Enable / Disable http proxy for outgoing traffic
httpProxyOn = True
httpProxyIp = 127.0.0.1
httpProxyPort = 8080
# Specify headers to add to the request (specified in a dictionary as a key/value pair)
headers = {"User-Agent":"Mozilla/5.0","Content-Type":"application/json"}
# Specify Cookies to add to the request (specified in a dictionary as a key/value pair)
cookies = {}
# Specify the IV mode
# In most implementations, the IV is provided as the 'first block' of the ciphertext.
# In other cases, the IV may be kept a known secret by both endpoints. In such a case, it should still be possible to decrypt everything but the first block.
# The IV may also be a static values such as all zeroes.
# Modes:
# 'firstblock'. This mode assumes that the first block of the ciphertext is the IV (most common)
# 'knownIV'. This mode allows for user provided IV
# 'unknown'. Use this mode when you do not know the IV and it is not the first block but still wish to decrypt all but the first block, or re-encrypt all but the first block for encryption
# 'lastblock'. This has not been implemented yet, but it may be in the future as it is a rare but possible configuration
# choose from one of the above modes
ivMode = firstblock
# If using knownIV mode, specify the IV
#IV should be in decimal list format. For example: [72,65,82,65,77,66,69]
iv = [0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0]
# The oracle defines the information leak that is abused to know when padding is valid. This is typically an error message.
# There are several trigger modes depending on the situation. Sometimes you will want to look for a specific phrase, other times you want to look for an absence of that phrase.
# trigger modes:
# 'search' - simply look for a specific phrase
# 'negative' - the opposite of search. Trigger when you don't see the phrase
oracleMode = negative
# Define the search phrase to look for from the oracle
oracleText = Invalid padding