thc-hydra

Feature: Load raw request from file (http)

Open vdun opened this issue 7 years ago • 9 comments

Load a raw request from a file and fuzz the parameters in it. This would make it easier to use in more complex scenarios.

vdun avatar May 09 '17 07:05 vdun

1st - hydra is not a fuzzer. if you want to fuzz parameters - use a fuzzer. 2nd - although there could be a heuristic which tries to identify which field is the login and which the password there might be errors (e.g. login and uid and username fields present in the form - which one is correct?) which would result in login attempts that would never work.

I only would see the value in massive auto attacks which could easily be misused.

if you want that feature, implement it yourself and supply a patch.

vanhauser-thc avatar May 09 '17 09:05 vanhauser-thc

  1. I mean only fuzzing/bruteforcing the fields specified by '^USER^' and '^PASS^' in the raw request file. This would be an alternative to 'HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy'
  2. That is still too fancy to add. No need for this at the moment.

vdun avatar May 10 '17 09:05 vdun

Ah you mean you use a raw request file where you put ^USER^ and ^PASS^ at the right location? why would you think that would be better than the existing setup? what do you mean by "more complex scenarios"?

vanhauser-thc avatar May 20 '17 13:05 vanhauser-thc

vdun, are you saying something like a HTTP packet capture from a packet sniffer?

petrock6 avatar May 20 '17 18:05 petrock6

By "raw" I mean loading a text file containing the full request, with the parameters marked by ^USER^ and ^PASS^. By "complex" I mean you simply dump the request from a pcap, proxy, browser, ... as it is and provide it directly to hydra, so there is no need to convert it by hand into long command line parameters.

vdun avatar May 21 '17 00:05 vdun

So instead of specifying a URL inside of a command line, you want to specify it in a file? I don't see the point of this, if anything that's more cumbersome than modifying the command line parameters. If I'm missing the point entirely, please be as descriptive as possible, in layman's terms.

petrock6 avatar May 21 '17 04:05 petrock6

Something like this : https://support.portswigger.net/customer/portal/articles/1964020-using-burp-to-brute-force-a-login-page

vdun avatar May 21 '17 13:05 vdun

OK I understand it now. In complex situations e.g. where there are get and post parameters and http headers.

what basically would happen is that the feature would load the file and split up the request into its components itself. That is easy with the exception of the cookies.

It could be triggered by something like http-form-post://target.com#localfile so as to make it look different from a URI/parameters.

vanhauser-thc avatar May 22 '17 07:05 vanhauser-thc
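
The splitting step described in the comment above, as an added example that is not hydra code and not part of the original thread. The function names, the sample request and the rule that both markers must be present are assumptions made for illustration; it only parses text and sends nothing.

```python
from http.cookies import SimpleCookie

MARKERS = ("^USER^", "^PASS^")

# Constructed sample: a request as dumped from a proxy, markers placed by hand.
SAMPLE = (
    "POST /login?next=%2Fhome HTTP/1.1\r\n"
    "Host: target.example\r\n"
    "Cookie: session=abc123; lang=en\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 999\r\n"
    "\r\n"
    "user=^USER^&pass=^PASS^&submit=Login"
)

def parse_raw_request(raw):
    """Split a raw request into method, path, query, headers, cookies, body."""
    raw = raw.replace("\r\n", "\n")  # accept both CRLF and LF-only dumps
    head, _, body = raw.partition("\n\n")
    lines = head.split("\n")
    method, target, _version = lines[0].split(" ", 2)
    path, _, query = target.partition("?")
    headers, cookies = {}, {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip(), value.strip()
        if name.lower() == "cookie":
            # The awkward part: one header line carries several name=value pairs.
            jar = SimpleCookie()
            jar.load(value)
            cookies.update({k: m.value for k, m in jar.items()})
        elif name.lower() != "content-length":
            # The captured length is stale once markers are substituted; drop it.
            headers[name] = value
    return {"method": method, "path": path, "query": query,
            "headers": headers, "cookies": cookies, "body": body}

def marker_locations(req):
    """Map each marker to the components containing it (assumed rule: both present)."""
    parts = {"path": req["path"], "query": req["query"], "body": req["body"],
             "headers": "\n".join(req["headers"].values()),
             "cookies": "\n".join(req["cookies"].values())}
    found = {}
    for marker in MARKERS:
        hits = [name for name, text in parts.items() if marker in text]
        if not hits:
            raise ValueError(f"{marker} not found in request template")
        found[marker] = hits
    return found
```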

@vanhauser-thc: FYI: bletchley-http2py

vdun avatar May 22 '17 13:05 vdun