
Parsing HTTP requests should link to finding

Open DePierre opened this issue 8 years ago • 0 comments

@DoomTaper has implemented new HTTP parsers (via 713a8fba1a402203de6ca5c02bd5e14e892ba2c3), where PTP now supports new tool reports that embed the HTTP requests sent to the target.

However, the HTTP requests are being parsed in bulk mode. The parser creates a new key transactions in the vulns dictionary returned by ptp.parse(), which is not very useful currently since there is no way to find what HTTP request(s) led to the discovery of the finding.

Instead, the parser should, for each finding, specify the corresponding HTTP requests (as a PoC provided by the tool).

For instance, instead of having an output like:

>>> myptp.parse(pathname='my/other/directory')
[{'ranking': 1}, {'ranking': 2}, {'transactions': [{. . .}, {. . .}, ...]}]

PTP should output:

>>> myptp.parse(pathname='my/other/directory')
[{'ranking': 1, 'transactions': [{. . .}, . . .]}, {'ranking': 2, 'transactions': [{. . .}, . . .]}]

@DoomTaper If you are willing to have a look, feel free.

DePierre, Jan 03 '17 20:01
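The two output shapes discussed in the issue, side by side, as an added example that is not PTP's own code. The XML report layout, the `RANKINGS` map, the function names and the `request`/`status_code` keys are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample report. The XML layout is hypothetical, not a real tool's format.
SAMPLE_REPORT = """<report>
  <issue severity="high">
    <transaction>
      <request>GET /item?id=1 HTTP/1.1</request>
      <response>HTTP/1.1 500 Internal Server Error</response>
    </transaction>
    <transaction>
      <request>GET /item?id=2 HTTP/1.1</request>
      <response>HTTP/1.1 200 OK</response>
    </transaction>
  </issue>
  <issue severity="medium">
    <transaction>
      <request>GET /admin HTTP/1.1</request>
      <response>HTTP/1.1 403 Forbidden</response>
    </transaction>
  </issue>
  <issue severity="medium"/>
</report>"""

RANKINGS = {"high": 1, "medium": 2, "low": 3}  # assumed severity-to-ranking map


def parse_transaction(node):
    """Turn one <transaction> element into a dict with the raw request and status code."""
    request = (node.findtext("request") or "").strip()
    parts = (node.findtext("response") or "").strip().split(" ", 2)
    # A missing or malformed status line yields None instead of raising.
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return {"request": request, "status_code": status}


def parse_bulk(xml_text):
    """Current shape: findings first, then every transaction in one trailing entry."""
    root = ET.fromstring(xml_text)
    vulns = [{"ranking": RANKINGS[i.get("severity")]} for i in root.iter("issue")]
    vulns.append({"transactions": [parse_transaction(t) for t in root.iter("transaction")]})
    return vulns


def parse_linked(xml_text):
    """Proposed shape: each finding carries the transactions that produced it."""
    root = ET.fromstring(xml_text)
    return [{"ranking": RANKINGS[i.get("severity")],
             "transactions": [parse_transaction(t) for t in i.findall("transaction")]}
            for i in root.iter("issue")]
```

A finding with no embedded request keeps an empty `transactions` list, so consumers can rely on the key being present in every entry.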