Make header names and values extractable #9

Webklex · 2022-09-19T01:09:50Z

I extended the "extract" part of the http module in order to make it possible to extract data from the response header and added a missing file extension to one of the examples.

Webklex · 2022-09-19T02:43:38Z

I also added support to allow template variables within parameter.url and parameter.method.

Webklex · 2022-09-19T04:24:00Z

..and the option to chain cookies from multiple responses.
For example:

name: login
description: login with test credentials
module: http
parameter:
    url: http://example.com/login
    method: POST
    body:
        username: user
        password: password
---
name: something_else
description: Do something else
module: http
parameter:
    url: http://example.com/something
    method: GET
---
name: exploit
description: exploit as the logged in user
module: http
parameter:
    url: http://example.com/profile
    method: POST
    body:
        inject: "'Foobar"
    cookies: login.response.cookies,something_else.response.cookies
    find: You have an error in your SQL syntax

Webklex added 3 commits September 19, 2022 02:57

Make header names and values extractable

c890860

Missing file extension added

df2c67b

Allow template variables within parameter.url and parameter.method

9aeefd9

Chain multiple response cookies divided by ","

5a8d0fd

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Make header names and values extractable #9

Make header names and values extractable #9

Webklex commented Sep 19, 2022

Webklex commented Sep 19, 2022

Webklex commented Sep 19, 2022

Make header names and values extractable #9

Are you sure you want to change the base?

Make header names and values extractable #9

Conversation

Webklex commented Sep 19, 2022

Webklex commented Sep 19, 2022

Webklex commented Sep 19, 2022