foglar/ffuff
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added proxy functionality

Browse Source
This commit is contained in:
Joona Hoikkala 2019-01-21 22:43:04 +02:00
parent 0818256e1d
commit 582aa00833
No known key found for this signature in database
GPG Key ID: D5AA86BBF9B29A5C
4 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -105,6 +105,8 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
Target URL Target URL
-w string -w string
Wordlist path Wordlist path
-x string
HTTP Proxy URL
``` ```
eg. `ffuf -u https://example.org/FUZZ -w /path/to/wordlist` eg. `ffuf -u https://example.org/FUZZ -w /path/to/wordlist`

16
main.go
View File

@ -4,6 +4,8 @@ import (
"context" "context"
"flag" "flag"
"fmt" "fmt"
"net/http"
"net/url"
"os" "os"
"strconv" "strconv"
"strings" "strings"
@ -25,6 +27,7 @@ type cliOptions struct {
matcherSize string matcherSize string
matcherRegexp string matcherRegexp string
matcherWords string matcherWords string
proxyURL string
headers multiStringFlag headers multiStringFlag
showVersion bool showVersion bool
} }
@ -60,7 +63,8 @@ func main() {
flag.StringVar(&opts.matcherSize, "ms", "", "Match HTTP response size") flag.StringVar(&opts.matcherSize, "ms", "", "Match HTTP response size")
flag.StringVar(&opts.matcherRegexp, "mr", "", "Match regexp") flag.StringVar(&opts.matcherRegexp, "mr", "", "Match regexp")
flag.StringVar(&opts.matcherWords, "mw", "", "Match amount of words in response") flag.StringVar(&opts.matcherWords, "mw", "", "Match amount of words in response")
flag.StringVar(&conf.Method, "X", "GET", "HTTP method to use.") flag.StringVar(&opts.proxyURL, "x", "", "HTTP Proxy URL")
flag.StringVar(&conf.Method, "X", "GET", "HTTP method to use")
flag.BoolVar(&conf.Quiet, "s", false, "Do not print additional information (silent mode)") flag.BoolVar(&conf.Quiet, "s", false, "Do not print additional information (silent mode)")
flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.") flag.IntVar(&conf.Threads, "t", 40, "Number of concurrent threads.")
flag.BoolVar(&opts.showVersion, "V", false, "Show version information.") flag.BoolVar(&opts.showVersion, "V", false, "Show version information.")
@ -165,6 +169,16 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
} }
} }
// Verify proxy url format
if len(parseOpts.proxyURL) > 0 {
pu, err := url.Parse(parseOpts.proxyURL)
if err != nil {
errs.Add(fmt.Errorf("Bad proxy url (-x) format: %s", err))
} else {
conf.ProxyURL = http.ProxyURL(pu)
}
}
//Search for keyword from URL and POST data too //Search for keyword from URL and POST data too
if strings.Index(conf.Url, "FUZZ") != -1 { if strings.Index(conf.Url, "FUZZ") != -1 {
foundkeyword = true foundkeyword = true

4
pkg/ffuf/config.go
View File

@ -2,6 +2,8 @@ package ffuf
import ( import (
"context" "context"
"net/http"
"net/url"
) )
//optRange stores either a single float, in which case the value is stored in min and IsRange is false, //optRange stores either a single float, in which case the value is stored in min and IsRange is false,
@ -28,6 +30,7 @@ type Config struct {
Matchers []FilterProvider Matchers []FilterProvider
Threads int Threads int
Context context.Context Context context.Context
ProxyURL func(*http.Request) (*url.URL, error)
} }
func NewConfig(ctx context.Context) Config { func NewConfig(ctx context.Context) Config {
@ -40,6 +43,7 @@ func NewConfig(ctx context.Context) Config {
conf.TLSSkipVerify = false conf.TLSSkipVerify = false
conf.Data = "" conf.Data = ""
conf.Quiet = false conf.Quiet = false
conf.ProxyURL = http.ProxyFromEnvironment
conf.Filters = make([]FilterProvider, 0) conf.Filters = make([]FilterProvider, 0)
conf.Delay = optRange{0, 0, false, false} conf.Delay = optRange{0, 0, false, false}
return conf return conf

1
pkg/runner/simple.go
View File

@ -30,6 +30,7 @@ func NewSimpleRunner(conf *ffuf.Config) ffuf.RunnerProvider {
CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse }, CheckRedirect: func(req *http.Request, via []*http.Request) error { return http.ErrUseLastResponse },
Timeout: time.Duration(10 * time.Second), Timeout: time.Duration(10 * time.Second),
Transport: &http.Transport{ Transport: &http.Transport{
Proxy: conf.ProxyURL,
MaxIdleConns: 1000, MaxIdleConns: 1000,
MaxIdleConnsPerHost: 500, MaxIdleConnsPerHost: 500,
MaxConnsPerHost: 500, MaxConnsPerHost: 500,