Comments (9)
imhunterand
commented on August 16, 2024
of course, you can use it.
from apachsal.
rudSarkar
commented on August 16, 2024
Does it change the parameters from waybackurls like qsreplace of tomnomnom tool?
I tried, but it doesn't change waybackurls parameter it just appends the payloads end of the line also it doesn't check if there is already http or https available.
Example:
http://https://example.com/username/edit/?id=2677956../../../../../etc/passwdCC: @imhunterand
from apachsal.
imhunterand
commented on August 16, 2024
as the result dont use a http or https just a domain example.com as your target.
from apachsal.
0xspade
commented on August 16, 2024
hmm, so after parsing the results from wayback urls we should remove the protocols? is that right? like this
Example:
example.com/endpoint?param=hello&test=world
and it will append the payload?
from apachsal.
imhunterand
commented on August 16, 2024
Hi @0xspade
The payloads will executed in request-param:
redacted.com/s.?param= or redacted.com/news=dlldkk/idspath=esxpath={payloads}
from apachsal.
rudSarkar
commented on August 16, 2024
Hi @0xspade
The payloads will executed in request-param:
redacted.com/s.?param=orredacted.com/news=dlldkk/idspath=esxpath={payloads}
Then this tool needs more modification, I will suggest using regex to check if the _target variable matches with regex then leave them default URL with HTTP and HTTPS
ApachSAL/modules/request_mrclw.py
Line 23 in 7e0e24a
If it does not match with regex then add target_url = self.protocol + '://'+_target variable
ApachSAL/modules/request_mrclw.py
Line 18 in 7e0e24a
Yesterday I tried to edit the code for PR but it broke many times due to a lack of code quality style.
from apachsal.
rudSarkar
commented on August 16, 2024
RequestMrclw class
In this code I made changes but in main.py there are some spaghetti codes that make a mess while working.
import re
import time
from socket import timeout
import requests
import urllib
from requests.exceptions import ConnectionError, HTTPError
class RequestMrclw:
def __init__(self):
self.protocol = 'https'
self.timeout = 8
self.header = {}
def send_request(self, _target: str, _value_header: str):
if _target:
target_url = None
target_url = self.protocol + '://'+_target
try:
start = time.time()
if re.match("^(http:\/\/|https:\/\/)+", _target):
print(_target)
obj_urllib = urllib.request.Request(_target)
obj_urllib.add_header(
"Content-type", "application/x-www-form-urlencoded")
obj_urllib.add_header(
"User-Agent", 'Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0')
obj_request = urllib.request.urlopen(
obj_urllib, timeout=self.timeout)
obj_request_result = str(
obj_request.read().decode('utf-8'))
time_final = (f'in {time.time() - start:.2f}s')
if obj_request_result:
return obj_request.url, obj_request_result, obj_request.status, time_final
return _target, 'Empry', obj_request.status, time_final
else:
print(target_url)
obj_urllib = urllib.request.Request(target_url)
obj_urllib.add_header(
"Content-type", "application/x-www-form-urlencoded")
obj_urllib.add_header(
"User-Agent", 'Mozilla/5.0 (Macintosh; Intel Mac OS X x.y; rv:42.0) Gecko/20100101 Firefox/42.0')
obj_request = urllib.request.urlopen(
obj_urllib, timeout=self.timeout)
obj_request_result = str(
obj_request.read().decode('utf-8'))
time_final = (f'in {time.time() - start:.2f}s')
if obj_request_result:
return obj_request.url, obj_request_result, obj_request.status, time_final
return target_url, 'Empry', obj_request.status, time_final
except urllib.error.HTTPError as ehttp:
return target_url, 'HTTP Error!', ehttp.code, str()
except timeout:
return target_url, 'Time!', 'Socket Timed Out', str()
except urllib.error.URLError as eurl:
return target_url, 'URL Error!', eurl.reason, str()
RequestMrclw().send_request("hackerone.com", None)Output of send_request()
I suggest you implement this fix for this tool it will make more sense while working with waybackurls data.
CC: @imhunterand
from apachsal.
imhunterand
commented on August 16, 2024
Hi! @rudSarkar
Please make it to pull-request at this project source for contribute.
Regards,
from apachsal.
rudSarkar
commented on August 16, 2024
Hi! @rudSarkar Please make it to
pull-requestat this project source for contribute.Regards,
But it breaks the main.py and returns URL ERROR!.
from apachsal.
Related Issues (5)
- Too many false positives HOT 1
- json.decoder.JSONDecodeError HOT 1
- Error
- main.py HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from apachsal.