osxtest
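**Describe the bug** Some JS files may contain endpoints that delete data. If those endpoints happen to lack authorization, this can lead to **accidental data deletion**. For example, endpoints such as

```
https://foo.bar/Filter/delFilterById
https://foo.bar/comment/delete
https://foo.bar/product/delProductLine
```

**Suggestions**
- During *API extraction*, add blacklist keywords such as del and remove. More keywords for sensitive operations can be added; the goal is to prefer false positives over missed cases.
- During *parameter extraction*, parse as normal, but do not send any requests or run any vulnerability detection.
- In the final report output, add a result section such as "sensitive-operation endpoint parsing", so that users can copy the requests and test them themselves; even if it is a false positive, the data is preserved.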
Splitting a cookie like `Cookie: user=foo; session=bar` will give a key like `" session"`, which contains a space
Hi, I noticed that in the code at https://github.com/w-digital-scanner/w13scan/blob/master/W13SCAN/lib/proxy/baseproxy.py#L423-L450 you are trying to relay some HTTPS requests directly according to the extension in the `CONNECT` request, but it looks like it will...
### Bug description

Steps to reproduce the problem:

1. Create a form with `enctype="multipart/form-data"`, e.g.

```html
```

2. Open the page with puppeteer, add a request interceptor, add a file...
Hi, thanks for the great lib. I'm encountering the same issue as described in issue https://github.com/valyala/fasthttp/issues/686. By setting `Client.MaxResponseBodySize`, it returns `ErrBodyTooLarge` when the response body length exceeds this value....
Hi, In the EvilPot system, it goes to sleep if it matches the `sleep` or `waitfor` function. https://github.com/chaitin/xray/blob/e0e361a596566a996f0fb4558900e981f40bbf8f/tests/evilpot/evil/evil.go#L73-L95 However, the sleep action behaves the same as a real-world time-based SQL...