SamJoan / droopescan

A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
GNU Affero General Public License v3.0
1.22k stars 246 forks

Add Specific Header in request #53

Closed ghost closed 3 years ago

ghost commented 3 years ago

Hi, may I know how I can add a specific header to all the requests? Example: Authorization: xxxx

SamJoan commented 3 years ago

Hi.

The best way to do this currently is to configure an upstream proxy as documented here. You could then use mitmproxy for example and create a custom addon that does this like http-add-header.py. Burp also has support for adding a custom hard-coded header.

All requests issued by droopescan are issued from a single Session object defined here. If many people need this feature and you are willing to implement it alongside some tests, I'd be happy to accept a PR for it.

Thanks.
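A sketch of the kind of mitmproxy addon mentioned above, as an added example that is not part of the original thread and is not droopescan or mitmproxy project code. It sets the header only on requests to the host being scanned, so the credential is not sent to any other host that passes through the proxy; the file name, the `SCAN_*` variable names and the invocation in the comments are assumptions.

```python
# Added example: mitmproxy addon script (hypothetical file name add_scoped_header.py).
# Assumed usage: mitmdump -s add_scoped_header.py, with droopescan's http_proxy
# variable pointing at the mitmproxy listener.
import os


class ScopedHeader:
    """Set one fixed header, but only on requests to the in-scope host."""

    def __init__(self, host, name, value):
        if not host or not name or not value:
            raise ValueError("host, header name and header value are required")
        if any(c in name + value for c in "\r\n"):
            raise ValueError("CR/LF in a header would split the request")
        self.host = self._norm(host)
        self.name = name
        self.value = value
        self.injected = 0  # number of requests the header was added to

    @staticmethod
    def _norm(host):
        return host.strip().lower().rstrip(".")

    def request(self, flow):
        # mitmproxy calls this hook for every client request it proxies.
        req = flow.request
        if self._norm(req.pretty_host) != self.host:
            return  # out of scope: never send the credential elsewhere
        req.headers[self.name] = self.value
        self.injected += 1


def load_from_env(env):
    """Build the addon list from SCAN_* variables (names are assumptions)."""
    host = env.get("SCAN_HOST")
    if host is None:
        return []  # nothing configured: proxy traffic passes unchanged
    return [ScopedHeader(host, env.get("SCAN_HEADER_NAME", "Authorization"),
                         env.get("SCAN_HEADER_VALUE", ""))]


# mitmproxy reads this module-level list when the script is loaded with -s.
addons = load_from_env(os.environ)
```

If `SCAN_HOST` is set but the header value is missing, the script fails at load time instead of letting the scan run unauthenticated.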

ghost commented 3 years ago

Sorry, I wish I could help, but I'm not that good at coding. Besides, may I know the detailed steps for configuring the upstream proxy? I don't understand the documentation... Trying to bind to Burp. Thank you in advance.

SamJoan commented 3 years ago

Hi there,

Basically you:

  1. Configure droopescan to use a proxy using http_proxy variables. More info here.
  2. Configure Burp to add the required header.

Let me know if this works for you, or what particular step you need help with.

Thanks! Pedro

ghost commented 3 years ago

Hi, I did exactly the same steps as before, but this time it worked! Thank you!