new: implemented http.enum interpolation syntax

evilsocket · Nov 2, 2023 · 5fd9b84 · 5fd9b84
1 parent 36f5e60
commit 5fd9b84
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 10 deletions.
diff --git a/src/options.rs b/src/options.rs
@@ -21,7 +21,7 @@ pub(crate) struct Options {
     #[clap(short, long)]
     pub target: Option<String>,
     /// Constant, filename, glob expression as @/some/path/*.txt or range as #min-max:charset / #min-max
-    #[clap(long, visible_alias = "data")]
+    #[clap(long, visible_alias = "payloads")]
     pub username: Option<String>,
     /// Constant, filename, glob expression as @/some/path/*.txt or range as #min-max:charset / #min-max
     #[clap(long, visible_alias = "key")]

diff --git a/src/plugins/http/mod.rs b/src/plugins/http/mod.rs
@@ -276,13 +276,20 @@ impl HTTP {
         timeout: Duration,
     ) -> Result<Option<Loot>, Error> {
         let headers = self.setup_headers();
-        let page = format!(
-            "/{}",
-            creds
-                .username
-                .replace(&self.enum_ext_placeholder, &self.enum_ext)
-        );
-        let url = format!("{}{}", self.target, &page);
+
+        let url = if self.target.contains("{PAYLOAD}") {
+            // by interpolation
+            self.target.replace("{PAYLOAD}", &creds.username)
+        } else {
+            // by appending
+            format!(
+                "{}{}",
+                &self.target,
+                creds
+                    .username
+                    .replace(&self.enum_ext_placeholder, &self.enum_ext)
+            )
+        };
 
         // build base request object
         let request = self
@@ -358,11 +365,25 @@ impl Plugin for HTTP {
                     "".to_owned()
                 };
 
+                let path = target_url
+                    .path()
+                    .replace("%7BUSERNAME%7D", "{USERNAME}")
+                    .replace("%7BPASSWORD%7D", "{PASSWORD}")
+                    .replace("%7BPAYLOAD%7D", "{PAYLOAD}"); // undo query encoding of interpolation params
+
+                let query = if let Some(query) = target_url.query() {
+                    format!("?{}", query)
+                } else {
+                    "".to_owned()
+                };
+
                 format!(
-                    "{}://{}{}",
+                    "{}://{}{}{}{}",
                     target_url.scheme(),
                     target_url.host().unwrap(),
                     port_part,
+                    path,
+                    query
                 )
             } else {
                 target_url.to_string()

diff --git a/src/plugins/http/options.rs b/src/plugins/http/options.rs
@@ -3,7 +3,7 @@ use serde::{Deserialize, Serialize};
 
 #[derive(Parser, Debug, Serialize, Deserialize, Clone, Default)]
 pub(crate) struct Options {
-    #[clap(long, default_value = "200, 301, 302")]
+    #[clap(long, default_value = "200")]
     /// Comma separated status codes to consider as successful authentication attempts for HTTP based plugins.
     pub http_success_codes: String,
     #[clap(long)]