hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License
3.55k stars, 397 forks

Optionally include HTTP Request and Response in the JSON output #423

Closed kmcquade closed 1 year ago

kmcquade commented 1 year ago

It would be really helpful if we could optionally have the entire HTTP request and HTTP Response in the JSON output as well. I realize this could become very large but it would be super helpful for providing useful context for the reader. Perhaps as two different options: --output-request and --output-response.

hahwul commented 1 year ago

@kmcquade Oh yes, this is really important, too! I'll roll up my sleeves. Thank you so much :D

hahwul commented 1 year ago

The --output-request and --output-response flags include raw HTTP Request/Response information. It is output in raw_request and raw_response for JSON, and in a style similar to Code for the CLI.

JSON

./dalfox url https://xss-game.appspot.com/level1/frame --format json --silence --output-request

[Screenshot, 2023-03-28 2:33:27 AM]

CLI

./dalfox url https://xss-game.appspot.com/level1/frame --output-request --output-response

[Screenshot, 2023-03-28 2:41:40 AM]
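
An added example (not from the dalfox project or from this thread): post-processing JSON findings before they are archived or shared, since raw_request and raw_response can carry session cookies or bearer tokens, and response bodies can be large. Only the raw_request and raw_response field names come from the comment above; the header list, the size limit, the top-level array layout and the sample data are constructed assumptions.

```python
import json

# Assumed list of headers whose values should not end up in a shared report.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie",
                     "set-cookie", "x-api-key"}
MAX_BODY = 2048  # assumed cap on stored body size, in characters


def redact_http(raw, max_body=MAX_BODY):
    """Mask sensitive header values and cap the body of a raw HTTP message."""
    head, sep, body = raw.partition("\r\n\r\n")
    if not sep:  # tolerate bare-LF separators
        head, sep, body = raw.partition("\n\n")
    lines = head.splitlines()
    out = lines[:1]  # request line or status line is kept as-is
    for line in lines[1:]:
        name, colon, _ = line.partition(":")
        if colon and name.strip().lower() in SENSITIVE_HEADERS:
            line = f"{name}: [REDACTED]"
        out.append(line)
    if len(body) > max_body:
        body = body[:max_body] + f"\n[truncated {len(body) - max_body} chars]"
    return "\r\n".join(out) + ("\r\n\r\n" + body if sep else "")


def sanitize_findings(json_text):
    """Return the findings list with raw_request/raw_response redacted."""
    findings = json.loads(json_text)
    for finding in findings:
        for key in ("raw_request", "raw_response"):
            if isinstance(finding.get(key), str):
                finding[key] = redact_http(finding[key])
    return findings


# Constructed sample, not real scanner output. "param" is an assumed extra field.
SAMPLE = json.dumps([
    {"param": "query",
     "raw_request": "GET /level1/frame?query=test HTTP/1.1\r\n"
                    "Host: example.test\r\nCookie: session=abc123\r\n"
                    "Authorization: Bearer constructed-token\r\n\r\n",
     "raw_response": "HTTP/1.1 200 OK\r\nSet-Cookie: sid=xyz\r\n"
                     "Content-Type: text/html\r\n\r\n" + "A" * 5000},
    {},  # entry without raw fields is passed through untouched
])

if __name__ == "__main__":
    print(json.dumps(sanitize_findings(SAMPLE), indent=2))
```
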

hahwul commented 1 year ago

@kmcquade I'm sorry I'm late! Time went by so fast.. 😭 It will be included in the next version, the 2.9 release. 2.9 is about to be released tomorrow at the earliest, or within this week at the latest! Thank you for the great idea :D

kmcquade commented 1 year ago

Amazing! Thank you so much :)