Open hktalent opened 9 months ago
Thanks for this set of ideas @hktalent
@hktalent, we can cover WAF bypass and maybe other tamper scripts via YAML template once https://github.com/projectdiscovery/nuclei/issues/4549 is implemented. Also, we have this global passive matcher/extractor issue on priority.
The original idea was for matcher/extractor, but we can maybe introduce a mutator or something like that to modify specific parts of requests/responses via DSL etc., and support logic like the tamper scripts in sqlmap.
@olearycrew You're welcome
@tarunKoyalwar Once the plug-in is supported to pre-process data before sending, please tell me and I will participate in the contribution. In fact, I have another idea to send the data before sending to the server, and then use the server to complete the distribution of several scanners, that is, the scanning of a target is completed by several distribution nodes, with non-repetitive task allocation and several different exit IPs, which may have a certain effect on firewall intervention.
These are some of my practices in my own private projects, and I hope to contribute them to nuclei. Let us continue to fight WAF and security defense continuously and never-endingly! This war will never end, it just depends on who is faster and ahead...
@olearycrew @tarunKoyalwar Also, I would like to add that it is recommended that all HTTP packages support plug-ins before sending them. I have another idea.
For HTTP POST data, the ability of WAF has been enhanced.
I believe there are many coding methods to bypass WAF. @tarunKoyalwar build_request.go
I originally wanted to try to participate, contribute, and complete this work. But I found that my energy was limited.