BugBlocker/lotus

raw http request handler

knassar702 opened this issue · 1 comments

I think lotus needs to make the payload injection process simple for the user, so instead of calling a lot of functions to change the parameter values, like this:

```lua
for payload in PAYLOADS:gmatch("[^\n]+") do
    new_querys = HttpMessage:setAllParams("testxss")
    for param_name, pay_url in pairs(new_querys) do
        -- scanner logic
    end
end
```

to this:

```lua
--[[
HttpMessage ->
    set_payload(new_txt) -> set the chosen parameter's value to new_txt
    get_method() -> get the HTTP method
    get_url() -> get the request URL
    get_body() -> get the request body
    get_targetparam() -> get the current param
    injection_point() -> get the injection point [body, url parameter value, url parameter name, url path, headers]
    set_*() -> change the values of all the get_* functions
--]]

for payload in PAYLOADS:gmatch("[^\n]+") do
    new_req = HttpMessage:set_payload("xss_test")
    new_req:send()
end
```

This will make the normal scanning tasks easier and faster to read or write.

Inspired by zaproxy scripting:

https://github.com/zaproxy/community-scripts/blob/main/active/bxss.py
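A sketch of the request object proposed in this issue, added here as an example; it is not lotus code and not written by the issue author. `MockMessage` and `injection_points` are hypothetical names, only URL parameter values are modelled as injection points, and the host and marker strings are constructed.

```lua
-- Added illustration; MockMessage and injection_points are hypothetical
-- stand-ins, not part of the lotus API.
local MockMessage = {}
MockMessage.__index = MockMessage

local function urlencode(s)
    return (s:gsub("[^%w%-%._~]", function(c)
        return string.format("%%%02X", c:byte())
    end))
end

function MockMessage.new(method, url, target)
    return setmetatable({ method = method, url = url, target = target }, MockMessage)
end

function MockMessage:get_method() return self.method end
function MockMessage:get_url() return self.url end
function MockMessage:get_targetparam() return self.target end
function MockMessage:injection_point() return "url parameter value" end

-- Return a copy with only the target parameter's value replaced (URL-encoded);
-- the original message is left untouched so it can be reused per payload.
function MockMessage:set_payload(new_txt)
    local base, query = self.url:match("^([^?]*)%??(.*)$")
    local parts = {}
    for pair in query:gmatch("[^&]+") do
        local name = pair:match("^([^=]*)")
        if name == self.target then pair = name .. "=" .. urlencode(new_txt) end
        parts[#parts + 1] = pair
    end
    return MockMessage.new(self.method, base .. "?" .. table.concat(parts, "&"), self.target)
end

-- Build one message per query parameter, so a script never walks params itself.
local function injection_points(method, url)
    local points = {}
    for pair in (url:match("%?(.*)$") or ""):gmatch("[^&]+") do
        local name = pair:match("^([^=]+)")
        if name then points[#points + 1] = MockMessage.new(method, url, name) end
    end
    return points
end

local PAYLOADS = "xss_test\n<xss test>"  -- constructed marker strings
for _, msg in ipairs(injection_points("GET", "http://app.example.test/search?q=shoes&page=2")) do
    for payload in PAYLOADS:gmatch("[^\n]+") do
        local new_req = msg:set_payload(payload)
        print(msg:get_targetparam(), new_req:get_method(), new_req:get_url())
    end
end
```

Because `set_payload` returns a new message rather than mutating the original, each payload is applied to a clean baseline and earlier probes do not leak into later requests.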

Done #131