Feature request: record Dalfox traffic in HAR file

[aidansteele]

Hi, thank you for making Dalfox, it is a great tool.

It would be useful if Dalfox could save a HAR file with the contents of the requests that it sends to a target site. This would make it easier to combine the results from Dalfox with other tools like ZAP and review them in a GUI like Chrome dev tools.

It could be implemented by using a library like github.com/vvakame/go-harlog. In Dalfox, scanning.getTransport() could use the go-harlog http.RoundTripper to record all the requests. Dalfox could add a Dalfox-Request-Id: ${guid} header to each request and it would appear in the HAR file. The output from Dalfox (when it reports a PoC) could include a "request_id": "${guid}" so the user would know which requests in the HAR file correspond to which PoCs.

This is similar to what ZAP does, where it can record a HAR file and assigns "zap message IDs" to each entry.

I could submit a PR for this. Would that be useful?

[hahwul]

@aidansteele Wow, it's so nice. It's a great idea and I believe it's going to have a awesome results 🥰 (Personally, I wanted to increase support for HAR at Dalfox)

Thank you even more if you send me a Pull Request :D Feel free to let me know if you need any help! I'll actively support you!

[aidansteele]

Thanks for the quick response! I will submit a draft PR next week to get your feedback/review.