feroxbuster
feroxbuster copied to clipboard
[BUG] Replay Proxy Hanging - (workaround implemented 2.6.0)
Not exactly sure what is going on here, but seems like the replay-proxy
hangs if the method is POST
as it works fine with GET
HTB Box: CrossfitTwo
Requires crossfit-club.htb
in host file.
test.txt
signup
login
feroxbuster -u http://crossfit-club.htb/api/ -w test.txt -m POST -k --no-state --replay-proxy 127.0.0.1:8080 --replay-codes 200,301,302,401,403 -vvvv
Appears to be hanging in process_response
of /src/event_handlers/outputs.rs
thankfully, this is an easy one.
in addition to -m POST
, you need to add --data some-value
. Burp gets upset at posts without a body (or at least the (lack of)body that gets produced by feroxbuster.
Might be good to dig a little at what the request looks like with -m POST
and no --data
to see where it's malformed/weird, and then fix it up when the user specifies a post request without data.
After much digging / dinking around with different reqwest settings, I'm at a loss for a fix that doesn't require setting an arbitrary body payload when one isn't provided. I filed an issue here to see if there's any help to be had.
Pending a better solution, when --proxy
or --replay-proxy
is used, and --method=POST
and --data
isn't used, then \r\n
is appended to the request body as a (hopefully) temporary workaround.