Sh1Yo / x8

Hidden parameters discovery suite
GNU General Public License v3.0

[Request] include reason for potential param in the json output #11

Closed bugbaba closed 3 years ago

bugbaba commented 3 years ago

Hello :)

Currently, the tooling mentions the reason a potential parameter is detected in stdout only. It would be really helpful, in cases where a user has multiple output files from the past, to see which parameter was detected as reflecting back vs changing the response code, etc.


Current output format

{"method":"GET", "url":"http://ffuf.me/cd/param/data", "parameters":["debug"]}

Desired output format

{
    "method": "GET",
    "url": "http://ffuf.me/cd/param/data",
    "parameters": [
        {
            "param": "debug",
            "reason": "Different response code: 400 -> 200"
        }
    ]
}

So instead of just sending parameter names to futures_data, also send the message that was sent to writeln https://github.com/Sh1Yo/x8/blob/main/src/logic.rs#L216

-- Regards, @bugbaba
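The use case in the request above (reviewing older output files next to newer ones) as an added example, not code from this thread or from x8: a reader that accepts both JSON shapes quoted in the comment and groups findings by reason. It assumes one JSON object per line; the function names and the "unknown (legacy format)" label are hypothetical, and the shape actually shipped in the release is not shown on this page and may differ.

```python
import json
from collections import defaultdict

# Constructed sample lines: one per shape quoted in the comment, plus a junk line.
SAMPLE_LINES = [
    '{"method":"GET", "url":"http://ffuf.me/cd/param/data", "parameters":["debug"]}',
    '{"method":"GET", "url":"http://ffuf.me/cd/param/data", "parameters":'
    '[{"param":"debug", "reason":"Different response code: 400 -> 200"}]}',
    'not json',
]

LEGACY = "unknown (legacy format)"  # hypothetical label for entries without a reason


def normalize(line):
    """Return one finding dict per parameter in an output line, or [] if unusable."""
    try:
        record = json.loads(line)
    except json.JSONDecodeError:
        return []
    if not isinstance(record, dict):
        return []
    findings = []
    for entry in record.get("parameters") or []:
        if isinstance(entry, str):  # current shape: bare parameter name
            name, reason = entry, None
        elif isinstance(entry, dict) and isinstance(entry.get("param"), str):
            name = entry["param"]   # desired shape: object with param and reason
            reason = entry.get("reason") if isinstance(entry.get("reason"), str) else None
        else:
            continue                # skip shapes neither snippet describes
        findings.append({"method": record.get("method"), "url": record.get("url"),
                         "param": name, "reason": reason})
    return findings


def group_by_reason(lines):
    """Map reason category (text before the first ':') to a set of (url, param)."""
    groups = defaultdict(set)
    for line in lines:
        for f in normalize(line):
            category = f["reason"].split(":", 1)[0].strip() if f["reason"] else LEGACY
            groups[category].add((f["url"], f["param"]))
    return dict(groups)


if __name__ == "__main__":
    for category, hits in sorted(group_by_reason(SAMPLE_LINES).items()):
        print(category, sorted(hits))
```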

Sh1Yo commented 3 years ago

Hello! It looks like a good feature. I will try to find some free time and implement it sometime.

Sh1Yo commented 3 years ago

For now it looks like this: image

I will take a few days to debug before the release. Feel free to suggest something meanwhile.

bugbaba commented 3 years ago

Looks perfect!

Sh1Yo commented 3 years ago

I've published a release v3.1.0 with this improvement.