blacklanternsecurity / bbot

A recursive internet scanner for hackers.
https://www.blacklanternsecurity.com/bbot/
GNU General Public License v3.0

Paramminer Error Because of Custom HTTP Header #1299

Closed amiremami closed 2 months ago

amiremami commented 3 months ago

Hey @liquidsec : ) If I add a custom header to my command like http_headers={X-Request-Purpose:Research}

bbot -t namejet.com -m httpx paramminer_headers -c http_headers={X-Request-Purpose:Research}

I got these

(two images attached)

Thanks 🙏

liquidsec commented 2 months ago

Hey @amiremami - this is essentially identical to the issue I opened here:

https://github.com/blacklanternsecurity/bbot/issues/1225

The correct way to do it is:

poetry run bbot -m httpx telerik -c http_headers='{"ASP.NET_SessionId":"wezl5nvfi4ukn0f3yn4jua0a"}' -t https://nunya/

As I pointed out there, it's definitely counter-intuitive, and we should come up with a way to validate it and give good error messages.

I'm going to close this issue as a duplicate, but I will link to it over there.
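
The comment above asks for validation of the http_headers value with good error messages. One way such a check could look, as an added example that is not BBOT's own code: parse_http_headers is a hypothetical helper, the sample inputs are constructed, and treating the value as strict JSON is an assumption based on the working command shown above.

```python
import json
import re

# RFC 7230 "token" characters permitted in a header field name.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
_HINT = "expected a single-quoted JSON object, e.g. http_headers='{\"Name\":\"value\"}'"


def parse_http_headers(raw):
    """Validate the text after `http_headers=` as the program receives it.

    Hypothetical helper. Returns {name: value} or raises ValueError with a
    message that says what to type instead.
    """
    try:
        parsed = json.loads(raw)
    except json.JSONDecodeError as e:
        # Typical cause: the shell stripped unprotected double quotes, or the
        # keys and values were never quoted, so {"a":"b"} arrived as {a:b}.
        raise ValueError(f"http_headers is not valid JSON ({e.msg}); {_HINT}") from None
    if not isinstance(parsed, dict):
        raise ValueError(f"http_headers must be a JSON object, got {type(parsed).__name__}; {_HINT}")
    for name, value in parsed.items():
        if not _TOKEN.fullmatch(name):
            raise ValueError(f"invalid header name {name!r}")
        if not isinstance(value, str):
            raise ValueError(f"value of header {name!r} must be a string")
        # CR/LF/NUL in a value would split or truncate the request headers.
        if any(c in value for c in "\r\n\0"):
            raise ValueError(f"value of header {name!r} contains CR, LF or NUL")
    return parsed


if __name__ == "__main__":
    # Constructed samples: the unquoted form from the report, the quoted JSON
    # form, and a value whose JSON escapes decode to CR LF.
    samples = (
        '{X-Request-Purpose:Research}',
        '{"X-Request-Purpose":"Research"}',
        '{"X-Test":"a\\r\\nb"}',
    )
    for raw in samples:
        try:
            print("ok:      ", parse_http_headers(raw))
        except ValueError as e:
            print("rejected:", e)
```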

liquidsec commented 2 months ago

closing as duplicate