mehaase
commented
1 year ago Hi @b1tst0rm, thank you for trying out Attack Flow. I apologize that you had such a rough experience. We are resuming development of Attack Flow Builder in June to make a 2.1 release. We will address this and a few other usability issues at that time. You raise a few good suggestions here, and I expect our implementation to use one or more of those ideas. We have also kicked around the possibility of using the File System Access API which lets the app request permission to write to a file more than once, and then we could use that to automatically flush changes to disk.
Also good note about JSON vs AFB -- that's definitely another footgun we need to fix.
I understand the docs already mention that this is a focus for a future release, so I guess I am curious where the state of this is and if we can expect this soon? Are contributions on this feature desired from the community?
Problem: I lost a few hours of work today because I forgot to File-->Save and retain a copy of the AFB locally. I knew the risks, gambled, and lost my progress building out an attack flow. It's really easy to accidentally close a tab.
Proposed solution: I understand this project wants to keep user data client side, and I think that's great. But I would love for a more robust option rather than having to remember to save copies of my work every few minutes.
RELATED, but different suggestion (if you want me to move this to another issue, LMK):
Make it painfully clear in the documentation that saving the JSON (File-->Publish) is not enough to save your data to continue editing it later. If I try to open a JSON file in the UI, nothing shows up because it is not the required data format (.AFB). Maybe even have a popup on the UI warn a user that when they upload a JSON file that it is the wrong format. My first time using the tool I was a bit confused between Publish and Save. Perhaps even consolidate Save and Publish into one option that downloads both files at the same time.