Closed is101101 closed 3 years ago
If enctype is application/x-www-form-urlencoded, there must be at least one equation symbol (=) in payload.
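Some exploits have no (=) in them, which makes it impossible to carry them out with hackbar. I hope this can be updated and improved.
For example: exploiting a file inclusion vulnerability with a PHP pseudo-protocol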
url: http://127.0.0.1/index.php?id=php://input
post: <?php phpinfo();?>
How should hackbar be used in a case like this?
Since I don't want to use fetch or XHR and then rewrite the document to show the response, the POST function is implemented by constructing a form element, inserting it into the document and submitting it.
Therefore, there must be at least one equation symbol in payload.
Maybe you will ask me why not implement the POST function by modifying the request body directly? Because Chrome doesn't provide an API to do this.
In conclusion, I think you should use Burp Suite for this situation.
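The constraint described in the reply above can be reproduced outside the browser. The following is an added example, not part of the original thread and not HackBar's code: the helper names `splitPayload`, `formBody`, `wireBody` and `survivesForm` are hypothetical, and the `text/plain` branch follows the HTML standard's form-submission encoding.

```javascript
// Models how a browser serializes a <form> body on submit.
// Hypothetical helpers for illustration; not taken from HackBar.

// Split a typed payload into form fields: each "name=value" pair
// becomes one <input name=... value=...> in the constructed form.
function splitPayload(payload) {
  return payload.split("&").map((pair) => {
    const i = pair.indexOf("=");
    // Without "=", the text can only become a field name with an empty value.
    return i === -1 ? [pair, ""] : [pair.slice(0, i), pair.slice(i + 1)];
  });
}

// Serialize the fields the way form submission does for the given enctype.
function formBody(fields, enctype) {
  if (enctype === "application/x-www-form-urlencoded") {
    // URLSearchParams implements the WHATWG urlencoded serializer.
    return new URLSearchParams(fields).toString();
  }
  if (enctype === "text/plain") {
    // HTML standard: every entry is written as name=value followed by CRLF.
    return fields.map(([name, value]) => `${name}=${value}\r\n`).join("");
  }
  throw new Error("unsupported enctype: " + enctype);
}

// Body that would actually go on the wire for a typed payload.
function wireBody(payload, enctype) {
  return formBody(splitPayload(payload), enctype);
}

// True only when the submitted body is byte-for-byte what was typed.
function survivesForm(payload, enctype) {
  return wireBody(payload, enctype) === payload;
}

// Constructed sample inputs: an ordinary pair list and the body from the issue.
for (const p of ["id=1&name=admin", "<?php phpinfo();?>"]) {
  for (const e of ["application/x-www-form-urlencoded", "text/plain"]) {
    console.log(JSON.stringify(p), e, "->", JSON.stringify(wireBody(p, e)));
  }
}
```

With either enctype the form serializer adds its own `=` to a body that has none, so the server never receives the raw text that was typed.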
Understood, thanks.
It seems the latest hackbar's RAW MODE allows us to send the POST DATA without =
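hackbar version 0.3.5; Google Chrome is already up to date, version 88.0.4324.192 (Official Build) (x86_64); computer: Mac. After loading the URL I enabled POST, filled in the Body and sent it. Capturing the traffic shows the request method is POST, but no POST data content was sent,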