
$ dalfox payload[enum] --custom-payload --only-custom payload payloads.txt - (Question & Future Request)

Open e393 opened this issue 1 year ago • 0 comments

Question

  1. Can dalfox run the payload enumeration process along with using custom payloads at the same time? If so, which has priority: --custom-payload or payload [enum]?
  • Also, does running '$dalfox payload' auto-enum default payloads? If so, what is the format of these enumerations?

  • I have my own payload generator, and I have it so it generates payloads based on the CSP report of domain.com. It would be nice to enumerate payloads based on user custom input for 'c_events=alert()' and '<c_tags></c_tags>' and 'c_events=c_alerts()'.

Example of my logic: user input: c_svg, c_event, c_alert + brute randomizer

"><c_tags c_events=c_alerts()></c_tags> =>
"><s.V.g OnLoAd=prOmpT()></.S.v.G.>

Feature requests: enumerate payloads based on user input c_events.txt, c_tags.txt, c_alerts.txt

If the dev wants to see an example of my generator and CSP reporter, I would be happy to share, to get this implemented in Dalfox if the logic isn't already implemented and I'm using the wrong flags.

Environment

  • Dalfox Version: 2.9.3
  • Installed from: go-get

e393 Dec 19 '24 22:12