Open Regala opened 3 years ago
I think this would be a good feature to add. It may increase the allocations in our result hotloop, however it may be something that the user acknowledges it may slow down the application.
@Regala, a few questions for the usecase you intend for:
For implementation, a simple implementation might be a post-request hook like the current PrintResults
is.
There are a few concerns prior to implementing this that need to be ironed out:
replay
function due to using net/http
instead of fasthttp
. Can we use fasthttp to perform a proxied request?
Hey @minight 😊
do you only want (non-wildcard) results to go through the proxy? or all requests
I would say non-wildcard. However, I could see -v debug
(or alternative) forcing all requests to be proxied.
would you still use the feature if it caused scanning to run at 50% speed. Is the feature a higher priority than the speed of the scanning?
Definitely! I believe this is something people already assume is going to happen using some kind of middle man.
Thanks 💙
Following up on @Regala's notes, I would also take advantage of a global --proxy
option! Thanks!
I agree with the illustrious @joswr1ght , I often need to proxy to modify requests to contain authorization headers when I do content discovery.
Proxying would be very welcome! For some pentest engagements, we need to keep a log of all requests and sometimes dynamically modify the requests via the proxy.
Hey! Wondering if the
--proxy
option could be supported globally. This would assist tremendously when testing in conjunction with Burp.Thank you 💚