post数据包无内容
is101101 opened this issue · 7 comments
hackbar 版本0.3.5
Google Chrome 已是最新版本
版本 88.0.4324.192(正式版本) (x86_64)
电脑mac
获取url信息后开启post,填写Boby信息后发送,抓包观察到请求方式是post,但是并没有发送post数据内容,
If enctype
is application/x-www-form-urlencoded
, there must be at least one equation symbol (=
) in payload.
像一些漏洞利用是没有(=)的,这样就造成无法利用hackbar进行利用,希望可以更新优化。
例如: 文件包含漏洞利用PHP伪协议
url: http://127.0.0.1/index.php?id=php://input
post: <?php phpinfo();?>
请问这种应该如何使用hackbar?
Since I don't want to use fetch
or XHR then rewrite document to show response, POST function is implemented by constructing a form
element, inserting it into document and submitting it.
Therefore, there must be at least one equation symbol in payload.
Maybe you will ask me why not to implement POST function by modifying request body directly? Because Chrome doesn't provide API to do this.
In conclusion, I think you should use Burp Suite for this situation.
了解,感谢