Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature: Load raw request from file (http) #214

Open
vdun opened this issue May 9, 2017 · 9 comments
Open

Feature: Load raw request from file (http) #214

vdun opened this issue May 9, 2017 · 9 comments
Labels
enhancement

Comments

@vdun
Copy link

vdun commented May 9, 2017

Load a raw request from a file and fuzz the parameters in it. This would make it easier to use in more complex scenarios.
@vanhauser-thc
Copy link
Owner

vanhauser-thc commented May 9, 2017
edited
Loading

1st - hydra is not a fuzzer. if you want to fuzz parameters - use a fuzzer.
2nd - although there could be a heuristic which tries to identify which field is the login and which the password there might be error (e.g. login and uid and username fields present in the form - which one is correct?) which would result in login attempts that would never work.

I only would see the value in massive auto attacks which could easily be misused.

if you want that feaature, implement it yourself and supply a patch.

@vdun
Copy link
Author

vdun commented May 10, 2017

  1. I mean only fuzzing/bruteforcing the fields specified by '^USER^' and '^PASS^' in the raw request file.
    This would be an alternative to 'HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy'
  2. That is still too fancy to add. No need for this at the moment.

@vanhauser-thc
Copy link
Owner

Ah you mean you use a raw request file where you put ^USER^ and ^PASS^ at the right location?
why would you think that would better than the existing setup? what do you mean by "more complex scenarios"?

@petrock6
Copy link

vdun, are you saying something like a HTTP packet capture from a packet sniffer?

@vdun
Copy link
Author

vdun commented May 21, 2017

By raw it is meant to loading a text file containing the full request and marked parameters inside ^USER^ and ^PASS^. "Complex" I mean you just simply dump the request from pcap, Proxy, browser, ... as it is and provide it directly to hydra, so no need to convert that by hand into long command line parameters.

@petrock6
Copy link

So instead of specifying a URL inside of a command line, you want to specify it in a file? I don't see the point of this, if anything that's more cumbersome than modifying the command line parameters. If I'm missing the point entirely, please be as descriptive as possible, in layman's terms.

@vdun
Copy link
Author

vdun commented May 21, 2017

Something like this :
https://support.portswigger.net/customer/portal/articles/1964020-using-burp-to-brute-force-a-login-page

@vanhauser-thc
Copy link
Owner

OK I understand it now. In complex situations e.g. where there are get and post parameters and http headers.

what basically would happen is that the feature would load the file and split up the request into its component itself. That is easy with the exception of the cookies.

It could be triggered by something like http-form-post://target.com#localfile so to ensure to make it look different to an uri/parameters.

@vdun
Copy link
Author

vdun commented May 22, 2017

@vanhauser-thc: FYI: bletchley-http2py

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@petrock6 @vdun @vanhauser-thc