explo icon indicating copy to clipboard operation
explo copied to clipboard

Published 20 hours ago verified publisher icon telekom-security

Make header names and values extractable

Open Webklex opened this issue 3 years ago • 2 comments

I extended the "extract" part of the http module in order to make it possible to extract data from the response header and added a missing file extension to one of the examples.

Webklex avatar Sep 19 '22 01:09 Webklex

I also added support to allow template variables within parameter.url and parameter.method.

Webklex avatar Sep 19 '22 02:09 Webklex

..and the option to chain cookies from multiple responses. For example:

name: login
description: login with test credentials
module: http
parameter:
    url: http://example.com/login
    method: POST
    body:
        username: user
        password: password
---
name: something_else
description: Do something else
module: http
parameter:
    url: http://example.com/something
    method: GET
---
name: exploit
description: exploit as the logged in user
module: http
parameter:
    url: http://example.com/profile
    method: POST
    body:
        inject: "'Foobar"
    cookies: login.response.cookies,something_else.response.cookies
    find: You have an error in your SQL syntax

Webklex avatar Sep 19 '22 04:09 Webklex