assetnote / kiterunner

Contextual Content Discovery Tool
GNU Affero General Public License v3.0

Header flag acknowledged but not being added to requests #22

Open bluesm866 opened 3 years ago

bluesm866 commented 3 years ago

Running kr scan "https://example.com/api" --header="Cookie: example=abc123" -w /kiterunner/routes/routes-small.kite the header shows up on the information table printed before scanning.

When running kr kb replay -w /kiterunner/routes/routes-small.kite "<any resulting line from scan here>" it shows that the request was sent without the header.

minight commented 3 years ago

Thanks @bluesm866. This is a bit more of a challenging task to tackle: the hash you use only identifies which API the request belongs to in the wordlist. We don't actually include any details about the flags used in the request in that response line.

Hence, it's difficult to know retrospectively what headers the user had when performing the scan.

Would you prefer being able to specify the headers in a similar way for the replay? Or maybe specifying a scan configuration file instead of -w that let you include all the wordlists/headers for a set of requests. Then we can reconstruct the full request based off the scan configuration.

bluesm866 commented 3 years ago

Hello. Particularly, I would prefer to just specify the header inline when using the replay option. But any of these options look great; both would give the user the option to replay the exact same request that was sent at scan time.



99smith commented 2 years ago

Hi,

I am not able to run with headers while running kiterunner. When I run the command below

kr scan https://jobs.xyzeecom/ses/ -w routes-large.kite -H 'Host: jobs.xyzee.com\nCookie: JSESSIONID=w2~3E85DBC1E\nX-Csrf-Token: 2ec9bfb3-affff13ca'

the header information is shown in the output table, but when I replay the request:

kr kb replay -q --proxy=http://localhost:8080 -w routes-large.kite "POST 500 [ 9, 2, 1] https://jobs.xyzee.com/ses/dev-api/api/task/documentUpload 0cf683b180ae4a2e1de357901a1b8f"

in the response I don't see the headers which I wanted kiterunner to use.

I tried another way by creating a YAML file with the values below

header: Cookie: JSESSIONID=w2~3E85D7C0A57858FFE9164AD41B6FBC1E; X-Csrf-Token: 2ec9bfb3-f7a8-43a4-b0a9-957affff13ca

and using it like below:

kr scan https://jobs.xyzee.com/ses/ -w routes-large.kite --config /Users/sh/.kiterunner.yaml

but still don't see any change.
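
The point minight makes above, and that 99smith's report runs into, is that a `kr scan` result line carries only the route hash, never the `-H` values used at scan time, so `kr kb replay` has nothing to reconstruct the headers from. Until kiterunner records that itself, the practical workaround is to save the headers next to the scan output and re-apply them yourself when replaying. The following is an added example written for this page, not kiterunner's own code: it parses a result line in the format `kr scan` prints (the bracketed triple is assumed here to be response size, word and line counts), normalises `-H` values into a header dict, stores them in a small JSON sidecar, and builds the replay request from the result line plus that sidecar. The sample line and header values are constructed; the hostname and cookie are placeholders.

```python
"""Sidecar-based header replay for kiterunner scan output (added example, not kr code)."""
import json
import re
import urllib.request
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape kr scan prints: METHOD STATUS [ n1, n2, n3 ] URL HASH.
# The triple is assumed to be response size / words / lines; only the hash is used by kr kb replay.
SAMPLE_LINE = ("POST 500 [ 9, 2, 1] "
               "https://jobs.example.com/ses/dev-api/api/task/documentUpload "
               "0cf683b180ae4a2e1de357901a1b8f")

_LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+"
    r"\[\s*(?P<size>\d+),\s*(?P<words>\d+),\s*(?P<lines>\d+)\s*\]\s+"
    r"(?P<url>\S+)\s+(?P<hash>[0-9a-f]+)\s*$"
)


@dataclass
class ScanResult:
    method: str
    status: int
    size: int
    words: int
    lines: int
    url: str
    route_hash: str


def parse_result_line(line: str) -> ScanResult:
    """Split one kr scan result line into its fields; note there is no header information in it."""
    m = _LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a kr result line: {line!r}")
    return ScanResult(m["method"], int(m["status"]), int(m["size"]),
                      int(m["words"]), int(m["lines"]), m["url"], m["hash"])


def parse_headers(values: List[str]) -> Dict[str, str]:
    """Turn the strings given to -H into a header dict, one 'Name: value' per element.

    A literal backslash-n (what the shell passes for '\\n' inside single quotes) is split
    here as a convenience of this helper; whether kr itself does so is not asserted.
    """
    headers: Dict[str, str] = {}
    for value in values:
        for part in value.replace("\\n", "\n").splitlines():
            if not part.strip():
                continue
            name, sep, val = part.partition(":")
            if not sep:
                raise ValueError(f"header without ':' separator: {part!r}")
            headers[name.strip()] = val.strip()
    return headers


def sidecar_dumps(target: str, wordlist: str, headers: Dict[str, str]) -> str:
    """Serialise what the result line does not record: target, wordlist and scan-time headers."""
    return json.dumps({"target": target, "wordlist": wordlist, "headers": headers},
                      indent=2, sort_keys=True)


def sidecar_loads(text: str) -> Dict[str, str]:
    return json.loads(text)["headers"]


@dataclass
class ReplayRequest:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)

    def to_urllib(self) -> urllib.request.Request:
        # No body: what kr's own replay sends as a body is not reproduced here.
        return urllib.request.Request(self.url, method=self.method, headers=self.headers)


def build_replay(line: str, headers: Dict[str, str]) -> ReplayRequest:
    """Combine a result line (method, URL) with the sidecar headers into a replayable request."""
    r = parse_result_line(line)
    return ReplayRequest(r.method, r.url, dict(headers))


def send_replay(req: ReplayRequest, proxy: Optional[str] = None, timeout: int = 10) -> Tuple[int, bytes]:
    """Send the reconstructed request, optionally through an intercepting proxy such as Burp."""
    handlers = []
    if proxy:
        handlers.append(urllib.request.ProxyHandler({"http": proxy, "https": proxy}))
    opener = urllib.request.build_opener(*handlers)
    with opener.open(req.to_urllib(), timeout=timeout) as resp:
        return resp.status, resp.read()


if __name__ == "__main__":
    # Constructed values standing in for the real cookie and CSRF token.
    hdrs = parse_headers(["Host: jobs.example.com",
                          "Cookie: JSESSIONID=constructed", "X-Csrf-Token: constructed"])
    sidecar = sidecar_dumps("https://jobs.example.com/ses/", "routes-large.kite", hdrs)
    replay = build_replay(SAMPLE_LINE, sidecar_loads(sidecar))
    print(replay.method, replay.url, replay.headers)
```

Write the sidecar once per scan (same target, same wordlist, same `-H` values) and feed each interesting result line to `build_replay`; `send_replay(..., proxy="http://localhost:8080")` then lets you confirm in the proxy that the Cookie and CSRF headers are actually on the wire, which is the check the replay in this thread was missing.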