
Commit d50b028

committed
Fix field values
1 parent d83f701 commit d50b028

5 files changed

Lines changed: 33 additions & 3 deletions


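--- a/README.md
+++ b/README.md
@@ -207,7 +207,9 @@ Flags:
 --proxy string proxy url
 -r, --resource string resource in payload (default "l4s")
 --schema string schema to use for requests (default "https")
---set-header stringToString set fix header value (default [])
+--set-field stringToString set fix field value (key=value) (default [])
+--set-header stringToString set fix header value (key=value) (default [])
+--set-param stringToString set fix query param value (key=value) (default [])
 --submit-forms add form submits to fuzzing
 --timeout duration time limit for requests (default 3s)
 -t, --type strings get, post or json (default [get])
@@ -255,7 +257,9 @@ Flags:
 --payloads-file string use custom payloads from file
 --proxy string proxy url
 -r, --resource string resource in payload (default "l4s")
---set-header stringToString set fix header value (default [])
+--set-field stringToString set fix field value (key=value) (default [])
+--set-header stringToString set fix header value (key=value) (default [])
+--set-param stringToString set fix query param value (key=value) (default [])
 --submit-forms add form submits to fuzzing
 --timeout duration time limit for requests (default 3s)
 -t, --type strings get, post or json (default [get])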

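--- a/cmd/remote.go
+++ b/cmd/remote.go
@@ -38,8 +38,10 @@ type remoteOptions struct {
 headerValues map[string]string
 fieldsFile string
 fields []string
+fieldValues map[string]string
 paramsFile string
 params []string
+paramValues map[string]string
 payloadsFile string
 payloads []string
 maxThreads int
@@ -87,7 +89,9 @@ func addRemoteFlags(cmd *cobra.Command, opts *remoteOptions) {
 cmd.Flags().StringSliceVarP(&opts.fields, "field", "", nil, "field to use")
 cmd.Flags().StringSliceVarP(&opts.params, "param", "", nil, "query param to use")
 cmd.Flags().StringSliceVarP(&opts.payloads, "payload", "", nil, "payload to use")
-cmd.Flags().StringToStringVarP(&opts.headerValues, "set-header", "", nil, "set fix header value")
+cmd.Flags().StringToStringVarP(&opts.headerValues, "set-header", "", nil, "set fix header value (key=value)")
+cmd.Flags().StringToStringVarP(&opts.fieldValues, "set-field", "", nil, "set fix field value (key=value)")
+cmd.Flags().StringToStringVarP(&opts.paramValues, "set-param", "", nil, "set fix query param value (key=value)")
 }
 
 var unauthorizedHandler = func(verbose bool) internal.StatusCodeHandlerFunc {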
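Review bot: The help strings on the three `StringToStringVarP` lines say "set fix ... value", which reads as a verb, and none of them says how a value containing `,` or `=` has to be written. As far as I know, pflag's string-to-string parsing switches to comma-separated pairs once an argument holds more than one `=`, so a fixed cookie or token value passed through `--set-header` or `--set-field` may be split or truncated unless it is quoted; that is worth confirming with a test. I would reword to `"set fixed field value, repeatable (key=value)"` for all three flags and state the quoting rule in the README flag list. The new struct fields `fieldValues` and `paramValues` could also carry a one-line comment saying they hold constant, non-fuzzed values.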

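--- a/cmd/remote_cidr.go
+++ b/cmd/remote_cidr.go
@@ -75,8 +75,12 @@ func newRemoteCIDRCmd(noColor *bool, output *string, verbose *bool) *cobra.Comma
 HeaderValues: opts.headerValues,
 FieldsFile: opts.fieldsFile,
 Fields: opts.fields,
+FieldValues: opts.fieldValues,
 PayLoadsFile: opts.payloadsFile,
 Payloads: opts.payloads,
+ParamsFile: opts.paramsFile,
+Params: opts.params,
+ParamValues: opts.paramValues,
 Timeout: opts.timeout,
 CheckCVE2021_45046: opts.checkCVE2021_45046,
 }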
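Review bot: The same four lines are added to the options literal here and in cmd/remote_url.go, and `ParamsFile`/`Params` appear to have been missing from both literals until now, which suggests `--param` and `--params-file` were not reaching the scanner for these two commands. Two hand-maintained copies of this mapping are easy to let drift again, and a dropped field means inputs that are silently never tested. A single helper on `remoteOptions` that builds the internal options value would keep both commands in step. The literal starts outside the hunk, so I cannot see whether any other fields differ between the two commands.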

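--- a/cmd/remote_url.go
+++ b/cmd/remote_url.go
@@ -73,8 +73,12 @@ func newRemoteURLCmd(noColor *bool, output *string, verbose *bool) *cobra.Comman
 HeaderValues: opts.headerValues,
 FieldsFile: opts.fieldsFile,
 Fields: opts.fields,
+FieldValues: opts.fieldValues,
 PayLoadsFile: opts.payloadsFile,
 Payloads: opts.payloads,
+ParamsFile: opts.paramsFile,
+Params: opts.params,
+ParamValues: opts.paramValues,
 Timeout: opts.timeout,
 CheckCVE2021_45046: opts.checkCVE2021_45046,
 }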

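--- a/internal/remote.go
+++ b/internal/remote.go
@@ -39,10 +39,12 @@ type RemoteOptions struct {
 HeaderValues map[string]string
 FieldsFile string
 Fields []string
+FieldValues map[string]string
 PayLoadsFile string
 Payloads []string
 ParamsFile string
 Params []string
+ParamValues map[string]string
 Timeout time.Duration
 CheckCVE2021_45046 bool
 }
@@ -170,6 +172,10 @@ func (rs *RemoteScanner) newRequest(ctx context.Context, method, u, payload stri
 data.Set(field, payload)
 }
 
+for k, v := range rs.opts.FieldValues {
+data.Set(k, v)
+}
+
 req, err = http.NewRequestWithContext(ctx, "POST", u, strings.NewReader(data.Encode()))
 if err != nil {
 return nil, err
@@ -182,6 +188,10 @@ func (rs *RemoteScanner) newRequest(ctx context.Context, method, u, payload stri
 values[field] = payload
 }
 
+for k, v := range rs.opts.FieldValues {
+values[k] = v
+}
+
 jsonValue, err := json.Marshal(values)
 if err != nil {
 return nil, err
@@ -206,6 +216,10 @@ func (rs *RemoteScanner) newRequest(ctx context.Context, method, u, payload stri
 values.Add(q, payload)
 }
 
+for k, v := range rs.opts.ParamValues {
+values.Set(k, v)
+}
+
 req.URL.RawQuery = values.Encode()
 
 return req, nil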
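Review bot: In all three added loops the fixed values are written after the payload loop, with `data.Set(k, v)`, `values[k] = v` and `values.Set(k, v)`, so a key that is also listed in `--field` or `--param` silently loses its payload and that input is no longer tested. For a scanner that is a quiet false negative; if the precedence is intended, say so above each loop, e.g. `// fixed values replace the payload for a field of the same name`, and consider reporting the overlap in verbose mode. In the query branch `values.Set` also drops anything already stored under that key, whereas the payload loop uses `values.Add`. `newRequest` starts and ends outside these hunks, so whether `ParamValues` is applied for every request type cannot be confirmed from here.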
