nuclei icon indicating copy to clipboard operation
nuclei copied to clipboard
verified publisher icon projectdiscovery

path + query automerge support for query fuzzing in http and headless protocol

Open ehsandeep opened this issue 2 years ago • 0 comments

Please describe your feature request:

Based on https://github.com/projectdiscovery/nuclei/discussions/3922

Describe the use case of this feature:

Template:

id: fuzz-automerge

info:
  name: testing fuzzing automerge
  author: pdteam
  severity: info

http:
  - method: GET
    path:
      - "{{BaseURL}}/tags?a=b"

    payloads:
      reflection:
        - "test2"

    fuzzing:
      - part: query
        type: replace
        mode: single
        fuzz:
          - "{{reflection}}"

Example run:

echo https://example.com/testing | nuclei -t test.yaml

Expected output:

[VER] [fuzz-automerge] Sent HTTP request to https://example.com/testing/tags?a=test2

This applies to http + headless protocol (related https://github.com/projectdiscovery/nuclei/issues/3919)

ehsandeep avatar Jul 19 '23 11:07 ehsandeep