Suggest some features such as reload, keep testing #33

Open
alasalamont opened this issue Jan 7, 2024 · 3 comments
Labels
delayed (The issue will be fixed with a big update later), enhancement (New feature or request)

Comments

@alasalamont

Hi brother,

I would like to suggest some features for the tool, as follows:

  1. Ability to reload the target URL after injections (e.g. --url-reload), because some forms generate a new CSRF token after submission, which will cause a false result.
  2. Ability to keep testing all the payloads when -level 5 is set. Normally, if the first 3 payloads pass, the tool will stop. I cannot know what payloads are used at level 5 (for learning purposes). The only way is to try to make the request go wrong; then the tool will throw all payloads.
  3. Second order. This idea has already been suggested by someone; I'm really looking forward to this ^^

Regards!
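To make the first request concrete: the failure mode is a form that issues a fresh, single-use CSRF token on every page load, so a scanner that fetches the form once and then submits many values with the same token has every submission after the first rejected, and reports nothing found. The toy below is an added illustration, not code from this project or its author. It simulates such a form in-process (no network, constructed values) and contrasts a client that reuses the token with one that reloads the form before every submission, which is the behaviour the proposed --url-reload flag would give.

```python
import secrets
from dataclasses import dataclass, field


@dataclass
class RotatingCsrfForm:
    """Toy server-side form (assumption: one token valid at a time, consumed on use).

    Every GET issues a new token and invalidates the previous one; every
    accepted POST consumes the token, exactly the rotation behaviour that
    produces false negatives for a scanner that never reloads the page.
    """
    _valid: set = field(default_factory=set)
    received: list = field(default_factory=list)  # values the app actually processed

    def get_form(self) -> str:
        """Simulate loading the form page: returns the freshly issued token."""
        token = secrets.token_hex(8)
        self._valid = {token}          # only the most recently issued token is valid
        return token

    def post_form(self, token: str, value: str) -> int:
        """Simulate submitting the form; returns an HTTP-like status code."""
        if token not in self._valid:
            return 403                 # stale or unknown token: rejected before processing
        self._valid.discard(token)     # single-use: consumed on success
        self.received.append(value)
        return 200


def submit_without_reload(server: RotatingCsrfForm, values: list) -> list:
    """Naive client: load the form once, reuse its token for every submission."""
    token = server.get_form()
    return [server.post_form(token, v) for v in values]


def submit_with_reload(server: RotatingCsrfForm, values: list) -> list:
    """Reloading client: fetch the form (and a fresh token) before each submission."""
    statuses = []
    for v in values:
        token = server.get_form()      # equivalent of the requested --url-reload step
        statuses.append(server.post_form(token, v))
    return statuses


if __name__ == "__main__":
    probes = ["probe-1", "probe-2", "probe-3"]   # constructed placeholder values
    naive = RotatingCsrfForm()
    print("without reload:", submit_without_reload(naive, probes), "processed:", naive.received)
    careful = RotatingCsrfForm()
    print("with reload:   ", submit_with_reload(careful, probes), "processed:", careful.received)
```

Only the first value ever reaches the application in the naive run; the other submissions return 403 and, from the scanner's point of view, look like "not vulnerable". The same reasoning explains why the maintainer's reply below calls this hard to generalise: a real site may put the token in a hidden field, a header, a cookie, or a combination, so the reload step has to know where to read it from.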

@vladko312
Owner

> it will generate the new CSRF token which will cause false result

Bypassing CSRF can be rather hard and might need to be tailored to the specific website. Especially if the token is not in cookies.
Same goes for second order. I have plans to add custom requesting workflows in the future, but it is not as easy as adding a single flag.

> Normally, if the first 3 payloads pass, the tool will stop.

What do you mean by that? The tool will generate payloads until the vulnerability is found or all the payloads are checked.
I have plans to add a way to keep scanning even after finding a vulnerability.

vladko312 added the labels "enhancement" (New feature or request) and "delayed" (The issue will be fixed with a big update later) on Jan 7, 2024
@alasalamont
Author

alasalamont commented Jan 7, 2024

> > it will generate the new CSRF token which will cause false result
>
> Bypassing CSRF can be rather hard and might need to be tailored to the specific website. Especially if the token is not in cookies. Same goes for second order. I have plans to add custom requesting workflows in the future, but it is not as easy as adding a single flag.
>
> > Normally, if the first 3 payloads pass, the tool will stop.
>
> What do you mean by that? The tool will generate payloads until the vulnerability is found or all the payloads are checked. I have plans to add a way to keep scanning even after finding a vulnerability.

For the second idea you nailed it. I just want the tool to test all payloads :D

And for blind SSTI, I think a basic technique as follows should be added:

  1. The tool will ask the user to define the IP and port (local or ngrok), then the tool sets up a simple web server.
  2. From the injected place, execute a curl command to that IP+port.
  3. If the web server receives any request, it means the site has blind SSTI.

I know this is suitable for doing labs and CTFs, but it is still a good improvement.

@vladko312
Owner

Blind detection is now much more reliable, so there is no need for external network connections. Network-based out-of-band detection is not very reliable, as it relies a lot on the ability of the target to use a specific tool and connect to a specific host on a specific port.
