Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Payload support for specific request #2083

Closed
ehsandeep opened this issue May 29, 2022 · 0 comments · Fixed by #2161 or #2336
Closed

Payload support for specific request #2083

ehsandeep opened this issue May 29, 2022 · 0 comments · Fixed by #2161 or #2336
Assignees
@Mzack9999
Labels
Investigation Something to Investigate Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Milestone
v2.7.5

Comments

@ehsandeep
Copy link
Member

ehsandeep commented May 29, 2022
edited
Loading

Please describe your feature request:

By default, payload applies on all the requests defined under the request block and executed sequentially, currently, there is no way to specify if we wanted to apply the payload rule on a specific request for the use cases like those shared in the below template that needs to be supported, possibly we can make us of request annotation to mark/identify the request where payload rule will be applicable.

id: multiple-request-payload

info:
  name: Multiple Request Payload
  author: brenocss
  severity: info

requests:
  - raw:
      - | # Request 1
        @once
        GET /login HTTP/1.1
        Host: {{Hostname}}

      - | # Request 2 ( Request to Fuzz)
        POST /login_request HTTP/1.1
        Host: {{Hostname}}

        user=admin&password={{pass}}&csrf_token={{token}}

    cookie-reuse: true
    payloads:
      pass:
        - pass_1
        - pass_2
        - pass_3

    extractors:
      - type: regex
        name: csrf_token
        internal: true
        regex:
          - 'value="(.*?)">'

    matchers:
      - type: word
        words:
          - 'Welcome Admin'

Describe the use case of this feature:

Fetch token from initial request to fuzz subsequent requests.
@ehsandeep ehsandeep added Type: Enhancement Most issues will probably ask for additions or changes. Priority: Medium This issue may be useful, and needs some attention. labels May 29, 2022
@ehsandeep ehsandeep mentioned this issue May 29, 2022
Closed
@Mzack9999 Mzack9999 added the Investigation Something to Investigate label Jun 3, 2022
@Mzack9999 Mzack9999 self-assigned this Jun 12, 2022
@Mzack9999 Mzack9999 added the Status: In Progress This issue is being worked on, and has someone assigned. label Jun 12, 2022
@Mzack9999 Mzack9999 linked a pull request Jun 14, 2022 that will close this issue
Adding prototype of request flow override annotations #2161
Merged
4 tasks
@Mzack9999 Mzack9999 added Status: Review Needed The issue has a PR attached to it which needs to be reviewed and removed Status: In Progress This issue is being worked on, and has someone assigned. labels Jun 14, 2022
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels Jul 18, 2022
@ehsandeep ehsandeep added this to the v2.7.5 milestone Jul 24, 2022
@ehsandeep ehsandeep linked a pull request Jul 24, 2022 that will close this issue
v2.7.5 #2336
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Investigation Something to Investigate Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
v2.7.5
2 participants
@ehsandeep @Mzack9999