raw http request handler
knassar702 opened this issue · 1 comments
knassar702 commented
I think Lotus needs to make the payload injection process simple for the user, so instead of calling a lot of functions to change the parameter values like this:
```lua
for payload in PAYLOADS:gmatch("[^\n]+") do
    new_querys = HttpMessage:setAllParams("testxss")
    for param_name, pay_url in pairs(new_querys) do
        -- scanner logic
    end
end
```
to this
```lua
--[[
HttpMessage ->
    set_payload(new_txt) -> set the chosen parameter value to the new_txt parameter value
    get_method() -> get http method
    get_url() -> get the request url
    get_body() -> get the request
    get_targetparam() -> get the current param
    injection_point() -> get the injection point [body, url parameter value, url parameter name, url path, headers]
    set_*() -> to change all of get_* functions value
--]]
for payload in PAYLOADS:gmatch("[^\n]+") do
    new_req = HttpMessage:set_payload("xss_test")
    new_req:send()
end
```
This will make the normal scanning tasks easier and faster to read or write.
Inspired by zaproxy scripting:
https://github.com/zaproxy/community-scripts/blob/main/active/bxss.py
knassar702 commented
Done #131
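A sketch of how the proposed `set_payload` could behave for a URL query parameter, added here as an example and not taken from Lotus or from the issue. Only the method names `set_payload` and `get_url` come from the proposal; the `HttpMessage.new` constructor, the helper functions, the field names and the sample URL are assumptions.

```lua
-- Hypothetical sketch: none of this is Lotus's real implementation.
local HttpMessage = {}
HttpMessage.__index = HttpMessage

-- Split "k=v&k2=v2" into an ordered list so parameter order is preserved.
local function parse_query(query)
  local params = {}
  for pair in query:gmatch("[^&]+") do
    local name, value = pair:match("^([^=]*)=?(.*)$")
    params[#params + 1] = { name = name, value = value }
  end
  return params
end

-- Percent-encode everything outside the RFC 3986 unreserved set.
local function url_encode(s)
  return (s:gsub("[^%w%-%._~]", function(c)
    return string.format("%%%02X", c:byte())
  end))
end

-- Assumed constructor: `target` names the parameter chosen for injection.
function HttpMessage.new(method, url, target)
  local base, query = url:match("^([^?]*)%??(.*)$")
  return setmetatable({ method = method, base = base,
    params = parse_query(query), target = target }, HttpMessage)
end

function HttpMessage:get_url()
  local parts = {}
  for i, p in ipairs(self.params) do
    parts[i] = p.name .. "=" .. p.value
  end
  if #parts == 0 then return self.base end
  return self.base .. "?" .. table.concat(parts, "&")
end

-- Return a copy with only the target parameter changed; the original
-- message stays intact so it can be reused for the next payload.
function HttpMessage:set_payload(new_txt)
  local copy = HttpMessage.new(self.method, self:get_url(), self.target)
  for _, p in ipairs(copy.params) do
    if p.name == self.target then p.value = url_encode(new_txt) end
  end
  return copy
end

-- Constructed sample request against a local test target.
local msg = HttpMessage.new("GET", "http://127.0.0.1:8080/search?q=lotus&page=2", "q")
local new_req = msg:set_payload("marker 1&x")
print(new_req:get_url(), msg:get_url())
```

Encoding the payload inside `set_payload` keeps a value containing `&` or `=` from splitting into extra parameters, which is the kind of detail a script author no longer has to handle when the message object owns the substitution.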