Closed aidansteele closed 1 year ago
@aidansteele Wow, it's so nice. It's a great idea and I believe it's going to have awesome results 🥰 (Personally, I wanted to increase support for HAR at Dalfox)
Thank you even more if you send me a Pull Request :D Feel free to let me know if you need any help! I'll actively support you!
Thanks for the quick response! I will submit a draft PR next week to get your feedback/review.
Hi, thank you for making Dalfox, it is a great tool.
It would be useful if Dalfox could save a HAR file with the contents of the requests that it sends to a target site. This would make it easier to combine the results from Dalfox with other tools like ZAP and review them in a GUI like Chrome dev tools.
It could be implemented by using a library like github.com/vvakame/go-harlog. In Dalfox, scanning.getTransport() could use the go-harlog http.RoundTripper to record all the requests. Dalfox could add a Dalfox-Request-Id: ${guid} header to each request and it would appear in the HAR file. The output from Dalfox (when it reports a PoC) could include a "request_id": "${guid}" so the user would know which requests in the HAR file correspond to which PoCs. This is similar to what ZAP does, where it can record a HAR file and assigns "zap message IDs" to each entry.
I could submit a PR for this. Would that be useful?
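The correlation scheme proposed in this issue, sketched with the Go standard library only (an added example, not code from Dalfox, go-harlog or the issue author): each request is tagged with a random id, a wrapping RoundTripper logs it, and the same id is printed with the PoC. The names `recorder`, `tag`, `har` and `stub` and the target URL are assumptions, and each logged entry is reduced to the method, URL and id header rather than a complete HAR entry.

```go
package main

import (
	"crypto/rand"
	"encoding/json"
	"fmt"
	"net/http"
	"sync"
)

const idHeader = "Dalfox-Request-Id" // header name proposed in the issue
// recorder (hypothetical name) wraps a transport and logs a cut-down HAR entry per request.
type recorder struct {
	next    http.RoundTripper
	mu      sync.Mutex // RoundTrip may run on many goroutines at once
	entries []any
}

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.mu.Lock() // log before sending, so requests that fail are kept too
	r.entries = append(r.entries, map[string]any{"request": map[string]any{"method": req.Method, "url": req.URL.String(),
		"headers": []map[string]string{{"name": idHeader, "value": req.Header.Get(idHeader)}}}}) // other headers omitted
	r.mu.Unlock()
	return r.next.RoundTrip(req)
}

func (r *recorder) har() ([]byte, error) { // entries inside HAR's {"log": ...} envelope
	r.mu.Lock()
	defer r.mu.Unlock()
	return json.Marshal(map[string]any{"log": map[string]any{"version": "1.2", "entries": r.entries}})
}

func tag(req *http.Request) (string, error) { // the returned id goes in the PoC's "request_id"
	b := make([]byte, 16)
	_, err := rand.Read(b)
	req.Header.Set(idHeader, fmt.Sprintf("%x", b))
	return req.Header.Get(idHeader), err
}

type stub struct{} // constructed offline stand-in for the target site
func (stub) RoundTrip(*http.Request) (*http.Response, error) { return &http.Response{StatusCode: 200, Body: http.NoBody}, nil }

func main() {
	rec := &recorder{next: stub{}} // a real scan would wrap the scanner's own transport
	req, _ := http.NewRequest("GET", "http://target.example/?q=constructed", nil)
	id, _ := tag(req)
	(&http.Client{Transport: rec}).Do(req)
	out, _ := rec.har()
	fmt.Printf("{\"request_id\": %q}\n%s\n", id, out) // PoC line, then the HAR document
}
```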