Comments (9)
of course, you can use it.
from apachsal.
Does it change the parameters from waybackurls like qsreplace of tomnomnom tool?
I tried, but it doesn't change the waybackurls parameter; it just appends the payloads to the end of the line. It also doesn't check if http or https is already available.
Example:
http://https://example.com/username/edit/?id=2677956../../../../../etc/passwd
CC: @imhunterand
from apachsal.
As a result, don't use http or https; use just a domain, example.com, as your target.
from apachsal.
hmm, so after parsing the results from wayback urls we should remove the protocols? is that right? like this
Example:
example.com/endpoint?param=hello&test=world
and it will append the payload?
from apachsal.
Hi @0xspade
The payloads will be executed in request-param:
redacted.com/s.?param=
or redacted.com/news=dlldkk/idspath=esxpath={payloads}
from apachsal.
Hi @0xspade
The payloads will be executed in request-param:
redacted.com/s.?param=
or redacted.com/news=dlldkk/idspath=esxpath={payloads}
Then this tool needs more modification. I will suggest using a regex to check the _target variable: if it matches the regex, then leave the default URL with HTTP and HTTPS (ApachSAL/modules/request_mrclw.py, line 23 in 7e0e24a).
If it does not match the regex, then add the target_url = self.protocol + '://'+_target variable (ApachSAL/modules/request_mrclw.py, line 18 in 7e0e24a).
Yesterday I tried to edit the code for PR but it broke many times due to a lack of code quality style.
from apachsal.
RequestMrclw class
In this code I made changes but in main.py there are some spaghetti codes that make a mess while working.
```python
import re
import time
import urllib.error
import urllib.request
from socket import timeout


class RequestMrclw:
    def __init__(self):
        self.protocol = 'https'
        self.timeout = 8
        self.header = {}

    def send_request(self, _target: str, _value_header: str):
        if _target:
            # Prepend the default protocol only when _target has no
            # http:// or https:// prefix of its own.
            if re.match(r"^(http://|https://)+", _target):
                target_url = _target
            else:
                target_url = self.protocol + '://' + _target
            try:
                start = time.time()
                print(target_url)
                obj_urllib = urllib.request.Request(target_url)
                obj_urllib.add_header(
                    "Content-type", "application/x-www-form-urlencoded")
                obj_urllib.add_header(
                    "User-Agent", 'Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0')
                obj_request = urllib.request.urlopen(
                    obj_urllib, timeout=self.timeout)
                obj_request_result = str(
                    obj_request.read().decode('utf-8'))
                time_final = (f'in {time.time() - start:.2f}s')
                if obj_request_result:
                    return obj_request.url, obj_request_result, obj_request.status, time_final
                return target_url, 'Empry', obj_request.status, time_final
            # HTTPError is a subclass of URLError, so it is caught first.
            except urllib.error.HTTPError as ehttp:
                return target_url, 'HTTP Error!', ehttp.code, str()
            except timeout:
                return target_url, 'Time!', 'Socket Timed Out', str()
            except urllib.error.URLError as eurl:
                return target_url, 'URL Error!', eurl.reason, str()


if __name__ == "__main__":
    RequestMrclw().send_request("hackerone.com", None)
```
Output of send_request()
I suggest you implement this fix for this tool; it will make more sense while working with waybackurls data.
CC: @imhunterand
from apachsal.
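The two behaviours discussed in this thread, adding a scheme only when one is missing and substituting a query parameter's value instead of appending to the end of the line, are shown below as an added example that is not code from ApachSAL or from any commenter. The function names, the `PAYLOAD` marker and the one-parameter-at-a-time substitution are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Matches only an explicit http:// or https:// prefix (case-insensitive).
_SCHEME_RE = re.compile(r"^https?://", re.IGNORECASE)


def normalize_target(raw, default_scheme="https"):
    """Return raw with exactly one scheme; bare hosts get default_scheme."""
    raw = raw.strip()
    if not raw:
        raise ValueError("empty target")
    # Collapse a doubled prefix such as http://https://host, left behind when
    # a scheme was prepended without checking; the innermost scheme is kept.
    while True:
        m = _SCHEME_RE.match(raw)
        if m and _SCHEME_RE.match(raw[m.end():]):
            raw = raw[m.end():]
        else:
            break
    if not _SCHEME_RE.match(raw):
        raw = f"{default_scheme}://{raw}"
    if not urlsplit(raw).hostname:
        raise ValueError(f"no host in target: {raw!r}")
    return raw


def replace_param_values(url, marker):
    """One URL per query parameter, with that parameter's value set to marker."""
    parts = urlsplit(normalize_target(url))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    out = []
    for i in range(len(pairs)):
        swapped = [(n, marker if j == i else v) for j, (n, v) in enumerate(pairs)]
        out.append(urlunsplit(parts._replace(query=urlencode(swapped))))
    return out


if __name__ == "__main__":
    # Constructed sample lines in the shapes quoted in the comments above.
    for line in ("example.com/endpoint?param=hello&test=world",
                 "http://https://example.com/username/edit/?id=2677956"):
        print(normalize_target(line), replace_param_values(line, "PAYLOAD"))
```

A line with no query string yields an empty list, so such lines can be skipped rather than having anything appended to them.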
Hi! @rudSarkar
Please make it into a pull request at this project source to contribute.
Regards,
from apachsal.
Hi! @rudSarkar Please make it into a pull request at this project source to contribute. Regards,
But it breaks the main.py and returns URL ERROR!
from apachsal.