WebBreacher / WhatsMyName

This repository has the JSON file required to perform user enumeration on various websites.
https://whatsmyname.app/

Support HTTP POST method with body in addition to default GET #402

Closed Unpublished closed 2 years ago

Unpublished commented 2 years ago

Example:

Fill out form (without submitting) on https://wordpress.com/start/user and watch for network calls to https://public-api.wordpress.com/rest/v1.1/signups/validation/user?http_envelope=1

WebBreacher commented 2 years ago

This has long been a goal of mine as many sites require POSTs and won't respond to GETs. I suppose we could just add a post_data param and value and if there is something there, then send the request via POST.

Would require:

  1. Alerting downstream users to the change so they can alter their scripts/sites.
  2. Changing the included checker Python scripts to use it.

Thoughts?

Unpublished commented 2 years ago

I'd rather introduce a request_method param which defaults to GET and a request_body param. This way (rare?) edge cases like POST with empty body and GET with body are also covered.

Yeah I see no way without alerting downstream and altering current scripts as well.

WebBreacher commented 2 years ago

Understood and those are solid suggestions. Any idea of how many sites use POST instead of GET that would need this feature?

Unpublished commented 2 years ago

I don't have any numbers but in addition to WordPress it is required by dlive.tv according to WMN's Wiki page. Supporting Instagram would be possible as well (see requests to https://www.instagram.com/accounts/web_create_ajax/attempt/ during registration).

WebBreacher commented 2 years ago

Sounds good. I'm going to reach out to those down-stream tool maintainers that use WMN and ask if they have any issues with this proposal. Then we implement.

WebBreacher commented 2 years ago

Sent the following email to down-stream tool maintainers:

I wanted to let you know of a potential change to the WhatsMyName (WMN) project JSON file (https://github.com/WebBreacher/WhatsMyName/blob/master/web_accounts_list.json) that will impact your down-stream tools.

Since day 1, WMN has only used HTTP GET requests to interrogate servers. Today, we would like to add the params and data to allow your tools to make POST requests as well.

As you can read in https://github.com/WebBreacher/WhatsMyName/issues/402, we are considering adding a request_method param which defaults to GET and a request_body param that would be empty unless there was POST data to send. Should be simple for a tool to look at the "request_method" and either default to just sending the GET URL or making a POST using the data in the "request_body".

Before making this change and breaking your tools, I wanted to ask if you have any suggestions or issues. We are discussing this issue https://github.com/WebBreacher/WhatsMyName/issues/402 and welcome your public thoughts or private ones here.

Unless we hear about some critical issue that prevents us from moving forward with this change, we will be making it later in the month. If you require a specific date, we can nail one down.

Thanks for using WMN and for your OSINT tools!

--- Micah
WhatsMyName Project Manager
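A minimal illustration of how a downstream checker could consume the request_method / request_body fields proposed in this thread (an added example, not code from WhatsMyName or any of its downstream tools). The sample entries, the example.com URLs and the `{account}` username placeholder are constructed assumptions; the code only builds the requests and never sends them.

```python
import json
import urllib.request
from typing import Any, Dict, List, Optional, Tuple

# Constructed sample entries in the style of web_accounts_list.json. The
# request_method / request_body fields follow the proposal in this issue;
# "{account}" as the username placeholder is an assumption about the format.
SAMPLE_JSON = """
[
  {"name": "get-only-site", "uri_check": "https://example.com/users/{account}"},
  {"name": "post-site", "uri_check": "https://example.com/api/validate",
   "request_method": "POST",
   "request_body": "{\\"username\\": \\"{account}\\"}"},
  {"name": "post-empty-body", "uri_check": "https://example.com/check/{account}",
   "request_method": "POST"},
  {"name": "get-with-body", "uri_check": "https://example.com/q",
   "request_method": "GET", "request_body": "user={account}"}
]
"""

def load_entries(raw_json: str) -> List[Dict[str, Any]]:
    return json.loads(raw_json)

def build_request(entry: Dict[str, Any], account: str) -> Tuple[str, str, Optional[bytes]]:
    """Resolve one entry to (method, url, body) for the given account.
    request_method defaults to GET when absent; request_body is optional and
    independent of the method, so POST-with-empty-body and GET-with-body work.
    """
    method = str(entry.get("request_method", "GET")).upper()
    if method not in ("GET", "POST"):
        raise ValueError(f"{entry['name']}: unsupported request_method {method!r}")
    url = entry["uri_check"].replace("{account}", account)
    raw_body = entry.get("request_body")
    body = None
    if raw_body:
        # Plain placeholder substitution; a real checker must escape `account`
        # for the body's encoding (JSON, form-urlencoded) to keep it well-formed.
        body = raw_body.replace("{account}", account).encode()
    return method, url, body

def to_urllib_request(entry: Dict[str, Any], account: str) -> urllib.request.Request:
    # Builds (but does not send) a urllib Request honouring the resolved method.
    method, url, body = build_request(entry, account)
    return urllib.request.Request(url, data=body, method=method)

def resolve_all(raw_json: str, account: str) -> Dict[str, Tuple[str, str, Optional[bytes]]]:
    return {e["name"]: build_request(e, account) for e in load_entries(raw_json)}

if __name__ == "__main__":
    for name, (method, url, body) in resolve_all(SAMPLE_JSON, "alice").items():
        print(f"{name}: {method} {url} body={body!r}")
```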

WebBreacher commented 2 years ago

@Unpublished what are your thoughts about further streamlining this and making a param that is get with a true or false Boolean value. If false, then the r_body (request_body) param would be used along with an HTTP POST request method. I do not picture this project using anything other than GET and POST and the get and true values are shorter than post and false.

WebBreacher commented 2 years ago

Moving this discussion to #414 and closing this since we WILL be doing it; we just have to decide how.