--ignore-url-keywords参数不管用和需求fuzz payload

Qianlitp / crawlergo

A powerful browser crawler for web vulnerability scanners

GNU General Public License v3.0

2.85k stars 480 forks source link

--ignore-url-keywords参数不管用和需求fuzz payload #152

Open Tian866 opened 11 months ago

Tian866 commented 11 months ago

--ignore-url-keywords logout 带cookie扫描dvwa的时候，怎么扫都退出。抓包发现还是请求了logout.php

需求 post请求的时候fuzz payload

Tian866 commented 11 months ago

crawlergo -c C:\Program Files\Google\Chrome\Application\chrome.exe -t 8 -f smart --fuzz-path --custom-headers {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.31", "Cookie": "PHPSESSID=0vh0dm4tdn1ef0u139jg8vc3p5; security=impossible"} --push-to-proxy http://127.0.0.1:8080/ --push-pool-max 32 --output-mode json -iuk logout -iuk exit http://192.168.1.70