foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add -raw cli flag (#721)

Browse Source
This commit is contained in:
Joona Hoikkala 2023-09-15 17:12:31 +03:00 committed by GitHub
parent 3fdb4e2b6a
commit 02e6a73724
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 16 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -1,6 +1,7 @@
## Changelog ## Changelog
- master - master
- New - New
- New cli flag `-raw` to omit urlencoding for URIs
- Integration with `github.com/ffuf/pencode` library, added `-enc` cli flag to do various in-fly encodings for input data - Integration with `github.com/ffuf/pencode` library, added `-enc` cli flag to do various in-fly encodings for input data
- Changed - Changed
- Explicitly allow TLS1.0 - Explicitly allow TLS1.0

1
ffufrc.example
View File

@ -14,6 +14,7 @@
ignorebody = false ignorebody = false
method = "GET" method = "GET"
proxyurl = "http://127.0.0.1:8080" proxyurl = "http://127.0.0.1:8080"
raw = false
recursion = false recursion = false
recursion_depth = 0 recursion_depth = 0
recursion_strategy = "default" recursion_strategy = "default"

2
help.go
View File

@ -54,7 +54,7 @@ func Usage() {
Description: "Options controlling the HTTP request and its parts.", Description: "Options controlling the HTTP request and its parts.",
Flags: make([]UsageFlag, 0), Flags: make([]UsageFlag, 0),
Hidden: false, Hidden: false,
ExpectedFlags: []string{"cc", "ck", "H", "X", "b", "d", "r", "u", "recursion", "recursion-depth", "recursion-strategy", "replay-proxy", "timeout", "ignore-body", "x", "sni", "http2"}, ExpectedFlags: []string{"cc", "ck", "H", "X", "b", "d", "r", "u", "raw", "recursion", "recursion-depth", "recursion-strategy", "replay-proxy", "timeout", "ignore-body", "x", "sni", "http2"},
} }
u_general := UsageSection{ u_general := UsageSection{
Name: "GENERAL OPTIONS", Name: "GENERAL OPTIONS",

1
main.go
View File

@ -77,6 +77,7 @@ func ParseFlags(opts *ffuf.ConfigOptions) *ffuf.ConfigOptions {
flag.BoolVar(&opts.General.Verbose, "v", opts.General.Verbose, "Verbose output, printing full URL and redirect location (if any) with the results.") flag.BoolVar(&opts.General.Verbose, "v", opts.General.Verbose, "Verbose output, printing full URL and redirect location (if any) with the results.")
flag.BoolVar(&opts.HTTP.FollowRedirects, "r", opts.HTTP.FollowRedirects, "Follow redirects") flag.BoolVar(&opts.HTTP.FollowRedirects, "r", opts.HTTP.FollowRedirects, "Follow redirects")
flag.BoolVar(&opts.HTTP.IgnoreBody, "ignore-body", opts.HTTP.IgnoreBody, "Do not fetch the response content.") flag.BoolVar(&opts.HTTP.IgnoreBody, "ignore-body", opts.HTTP.IgnoreBody, "Do not fetch the response content.")
flag.BoolVar(&opts.HTTP.Raw, "raw", opts.HTTP.Raw, "Do not encode URI")
flag.BoolVar(&opts.HTTP.Recursion, "recursion", opts.HTTP.Recursion, "Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it.") flag.BoolVar(&opts.HTTP.Recursion, "recursion", opts.HTTP.Recursion, "Scan recursively. Only FUZZ keyword is supported, and URL (-u) has to end in it.")
flag.BoolVar(&opts.HTTP.Http2, "http2", opts.HTTP.Http2, "Use HTTP2 protocol") flag.BoolVar(&opts.HTTP.Http2, "http2", opts.HTTP.Http2, "Use HTTP2 protocol")
flag.BoolVar(&opts.Input.DirSearchCompat, "D", opts.Input.DirSearchCompat, "DirSearch wordlist compatibility mode. Used in conjunction with -e flag.") flag.BoolVar(&opts.Input.DirSearchCompat, "D", opts.Input.DirSearchCompat, "DirSearch wordlist compatibility mode. Used in conjunction with -e flag.")

2
pkg/ffuf/config.go
View File

@ -46,6 +46,7 @@ type Config struct {
ProxyURL string `json:"proxyurl"` ProxyURL string `json:"proxyurl"`
Quiet bool `json:"quiet"` Quiet bool `json:"quiet"`
Rate int64 `json:"rate"` Rate int64 `json:"rate"`
Raw bool `json:"raw"`
Recursion bool `json:"recursion"` Recursion bool `json:"recursion"`
RecursionDepth int `json:"recursion_depth"` RecursionDepth int `json:"recursion_depth"`
RecursionStrategy string `json:"recursion_strategy"` RecursionStrategy string `json:"recursion_strategy"`
@ -108,6 +109,7 @@ func NewConfig(ctx context.Context, cancel context.CancelFunc) Config {
conf.ProxyURL = "" conf.ProxyURL = ""
conf.Quiet = false conf.Quiet = false
conf.Rate = 0 conf.Rate = 0
conf.Raw = false
conf.Recursion = false conf.Recursion = false
conf.RecursionDepth = 0 conf.RecursionDepth = 0
conf.RecursionStrategy = "default" conf.RecursionStrategy = "default"

1
pkg/ffuf/configmarshaller.go
View File

@ -18,6 +18,7 @@ func (c *Config) ToOptions() ConfigOptions {
o.HTTP.IgnoreBody = c.IgnoreBody o.HTTP.IgnoreBody = c.IgnoreBody
o.HTTP.Method = c.Method o.HTTP.Method = c.Method
o.HTTP.ProxyURL = c.ProxyURL o.HTTP.ProxyURL = c.ProxyURL
o.HTTP.Raw = c.Raw
o.HTTP.Recursion = c.Recursion o.HTTP.Recursion = c.Recursion
o.HTTP.RecursionDepth = c.RecursionDepth o.HTTP.RecursionDepth = c.RecursionDepth
o.HTTP.RecursionStrategy = c.RecursionStrategy o.HTTP.RecursionStrategy = c.RecursionStrategy

3
pkg/ffuf/optionsparser.go
View File

@ -33,6 +33,7 @@ type HTTPOptions struct {
IgnoreBody bool `json:"ignore_body"` IgnoreBody bool `json:"ignore_body"`
Method string `json:"method"` Method string `json:"method"`
ProxyURL string `json:"proxy_url"` ProxyURL string `json:"proxy_url"`
Raw bool `json:"raw"`
Recursion bool `json:"recursion"` Recursion bool `json:"recursion"`
RecursionDepth int `json:"recursion_depth"` RecursionDepth int `json:"recursion_depth"`
RecursionStrategy string `json:"recursion_strategy"` RecursionStrategy string `json:"recursion_strategy"`
@ -148,6 +149,7 @@ func NewConfigOptions() *ConfigOptions {
c.HTTP.IgnoreBody = false c.HTTP.IgnoreBody = false
c.HTTP.Method = "" c.HTTP.Method = ""
c.HTTP.ProxyURL = "" c.HTTP.ProxyURL = ""
c.HTTP.Raw = false
c.HTTP.Recursion = false c.HTTP.Recursion = false
c.HTTP.RecursionDepth = 0 c.HTTP.RecursionDepth = 0
c.HTTP.RecursionStrategy = "default" c.HTTP.RecursionStrategy = "default"
@ -514,6 +516,7 @@ func ConfigFromOptions(parseOpts *ConfigOptions, ctx context.Context, cancel con
conf.StopOnAll = parseOpts.General.StopOnAll conf.StopOnAll = parseOpts.General.StopOnAll
conf.StopOnErrors = parseOpts.General.StopOnErrors conf.StopOnErrors = parseOpts.General.StopOnErrors
conf.FollowRedirects = parseOpts.HTTP.FollowRedirects conf.FollowRedirects = parseOpts.HTTP.FollowRedirects
conf.Raw = parseOpts.HTTP.Raw
conf.Recursion = parseOpts.HTTP.Recursion conf.Recursion = parseOpts.HTTP.Recursion
conf.RecursionDepth = parseOpts.HTTP.RecursionDepth conf.RecursionDepth = parseOpts.HTTP.RecursionDepth
conf.RecursionStrategy = parseOpts.HTTP.RecursionStrategy conf.RecursionStrategy = parseOpts.HTTP.RecursionStrategy

6
pkg/runner/simple.go
View File

@ -137,6 +137,11 @@ func (r *SimpleRunner) Execute(req *ffuf.Request) (ffuf.Response, error) {
req.Host = httpreq.Host req.Host = httpreq.Host
httpreq = httpreq.WithContext(httptrace.WithClientTrace(r.config.Context, trace)) httpreq = httpreq.WithContext(httptrace.WithClientTrace(r.config.Context, trace))
if r.config.Raw {
httpreq.URL.Opaque = req.Url
}
for k, v := range req.Headers { for k, v := range req.Headers {
httpreq.Header.Set(k, v) httpreq.Header.Set(k, v)
} }
@ -144,6 +149,7 @@ func (r *SimpleRunner) Execute(req *ffuf.Request) (ffuf.Response, error) {
if len(r.config.OutputDirectory) > 0 { if len(r.config.OutputDirectory) > 0 {
rawreq, _ = httputil.DumpRequestOut(httpreq, true) rawreq, _ = httputil.DumpRequestOut(httpreq, true)
} }
httpresp, err := r.client.Do(httpreq) httpresp, err := r.client.Do(httpreq)
if err != nil { if err != nil {
return ffuf.Response{}, err return ffuf.Response{}, err