qsfuzz
Feature Request: Inject Headers
It may be useful to be able to inject headers on a rule basis in addition to specifying them on the command line. This would allow us to test rules like the following using the already built-in functionality for response matching:
CORSDetection:
  description: CORS misconfiguration
  injectHeader:
    - "Origin: test.com"
  expectation:
    responseHeaders:
      - Access-Control-Allow-Origin: test.com
This could also be extended to further tests such as X-Host, X-Forwarded-Host, X-Forwarded-Server being reflected in the response, or Host header SSRFs.
The benefit to having this feature as a rule instead of setting a blanket header for every request is that some hosts and endpoints may respond badly to them.
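Added example, not part of the issue and not qsfuzz code: one way a per-rule `injectHeader` with a `responseHeaders` expectation, as proposed above, could be evaluated, run in process against two constructed handlers so a service owner can see which CORS configuration the rule would flag. The `Rule` type, `Evaluate`, the handlers and the `service.example` / `app.example` names are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Rule mirrors the proposed YAML; field names are assumptions, not qsfuzz types.
type Rule struct {
	InjectHeader    []string          // "Name: value", sent only for this rule
	ResponseHeaders map[string]string // expected response header -> value
}

// Evaluate sends one in-process request with the rule's headers and matches the response.
func Evaluate(r Rule, h http.Handler) (bool, error) {
	req := httptest.NewRequest(http.MethodGet, "http://service.example/", nil)
	for _, line := range r.InjectHeader {
		name, value, ok := strings.Cut(line, ":")
		if !ok || strings.TrimSpace(name) == "" {
			return false, fmt.Errorf("malformed injectHeader entry %q", line)
		}
		req.Header.Set(strings.TrimSpace(name), strings.TrimSpace(value))
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	got := rec.Result().Header
	for name, want := range r.ResponseHeaders {
		if got.Get(name) != want {
			return false, nil
		}
	}
	return len(r.ResponseHeaders) > 0, nil
}

// Constructed handlers: one reflects any Origin, one pins a single origin.
var reflecting = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Access-Control-Allow-Origin", r.Header.Get("Origin"))
})
var pinned = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Access-Control-Allow-Origin", "https://app.example")
})
var corsRule = Rule{[]string{"Origin: test.com"},
	map[string]string{"Access-Control-Allow-Origin": "test.com"}}

func main() {
	a, _ := Evaluate(corsRule, reflecting)
	b, _ := Evaluate(corsRule, pinned)
	fmt.Println("reflecting:", a, "pinned:", b)
}
```

Because the header lives on the rule, only requests made for that rule carry `Origin`, which is the isolation the request asks for.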
Thanks for the suggestion @movsxd. I've considered this a bunch so far, and will think about how/if we can do this. Basically, the tool was built specifically for query string injections, and while it could migrate more broadly, I'm not sure if that's the best direction to take as there are other tools out there focused on more broad scanning. Either way, appreciate it and I'll think a bit about this.