jaeles There Is One Feature Is Missing ^.^

There Is One Feature Is Missing ^.^

Open 0xAwali opened this issue 4 years ago • 5 comments

Actually This Tool Is So Great , But In type: fuzz There Is One Feature Missing It Is Fuzz Cookie Header , This Tool Give Us To Replace Value Of Header Name But Let e.g. Cookie Header Of The Origin Request Like This Cookie: session=1; id=22; lang=en So It Is Possible To Fuzz Cookie Here Like Fuzzing Body e.g. Can You Add Something Like That

id: Cookie-Fuzz
info:
  name: Fuzz Cookie Headers
  risk: Critical
type: fuzz
payloads:
  - '../../../../etc/passwd'
requests:
  - generators:
       - Header-Fuzz("{{.payload}}", "Cookie")

So Here Header-Fuzz Generate Three Requests Cookie: session=../../../../etc/passwd; id=22; lang=en Cookie: session=1; id=../../../../etc/passwd; lang=en Cookie: session=1; id=22; lang=../../../../etc/passwd So Can This Happen ?

Feb 06 '21 13:02 0xAwali

in jaeles is this feature fuzz headers and cookies. Header("[[.original]]{{.payload}}", "X-Sample")

Cookie("[[.original]]{{.payload}}")

but when I test with cookie it only tests last cookie value if add [[.original]] but if not add [[.original]] jaeles adds new cookie. it is not works correct.

Feb 18 '21 16:02 ghsec

OMG , Thank You For Mention That

Screenshot_2021-02-19_00-49-00

I Did Not See That Before , I Will Check It

Feb 19 '21 00:02 0xAwali

@0xAwali bug with fuzzing cookie I tested on v0.14 of jaeles. In current version I don't know this bug fixed or not. @j3ssie know about this. Tomorow I update jaeles and test again for confirm bug fixed or not. Maybe @j3ssie fixed this.

Feb 19 '21 00:02 ghsec

I Tested On The Current Version And Still Does Not Work Correctly

pngegg

Apr 15 '21 02:04 0xAwali

Hy it only try last cookie. Is there anyway to fuzz all cookies?

Jul 20 '21 04:07 iamRjarpan

jaeles jaeles copied to clipboard

There Is One Feature Is Missing ^.^

I Tested On The Current Version And Still Does Not Work Correctly

jaeles
jaeles copied to clipboard