vanhauser-thc / thc-hydra

hydra
GNU Affero General Public License v3.0

Feature: Load raw request from file (http) #214

Open vdun opened 7 years ago

vdun commented 7 years ago

Load a raw request from a file and fuzz the parameters in it. This would make it easier to use in more complex scenarios.

vanhauser-thc commented 7 years ago

1st - hydra is not a fuzzer. If you want to fuzz parameters, use a fuzzer. 2nd - although there could be a heuristic which tries to identify which field is the login and which the password, there might be errors (e.g. login and uid and username fields present in the form - which one is correct?) which would result in login attempts that would never work.

I only would see the value in massive auto attacks which could easily be misused.

If you want that feature, implement it yourself and supply a patch.

vdun commented 7 years ago

  1. I mean only fuzzing/bruteforcing the fields specified by '^USER^' and '^PASS^' in the raw request file. This would be an alternative to 'HTTP-FORM-GET, HTTP-FORM-POST, HTTP-GET, HTTP-HEAD, HTTP-POST, HTTP-PROXY, HTTPS-FORM-GET, HTTPS-FORM-POST, HTTPS-GET, HTTPS-HEAD, HTTPS-POST, HTTP-Proxy'
  2. That is still too fancy to add. No need for this at the moment.

vanhauser-thc commented 7 years ago

Ah, you mean you use a raw request file where you put ^USER^ and ^PASS^ at the right location? Why would you think that would be better than the existing setup? What do you mean by "more complex scenarios"?

petrock6 commented 7 years ago

vdun, are you saying something like an HTTP packet capture from a packet sniffer?

vdun commented 7 years ago

By "raw" I mean loading a text file containing the full request, with the parameters marked by ^USER^ and ^PASS^. By "complex" I mean you simply dump the request from a pcap, proxy, browser, ... as it is and provide it directly to hydra, so there is no need to convert it by hand into long command line parameters.

petrock6 commented 7 years ago

So instead of specifying a URL inside of a command line, you want to specify it in a file? I don't see the point of this, if anything that's more cumbersome than modifying the command line parameters. If I'm missing the point entirely, please be as descriptive as possible, in layman's terms.

vdun commented 7 years ago

Something like this: https://support.portswigger.net/customer/portal/articles/1964020-using-burp-to-brute-force-a-login-page

vanhauser-thc commented 7 years ago

OK I understand it now. In complex situations, e.g. where there are GET and POST parameters and HTTP headers.

What basically would happen is that the feature would load the file and split up the request into its components itself. That is easy, with the exception of the cookies.

It could be triggered by something like http-form-post://target.com#localfile, so as to make it look different from a URI/parameters.
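
The splitting step described in the comment above, as an added Python sketch that is not part of the thread and not hydra code: it breaks a raw request file into request line, query, headers, cookies and body, and reports which component carries each ^USER^/^PASS^ marker. The function names, the sample request and the host example.test are assumptions made for illustration.

```python
MARKERS = ("^USER^", "^PASS^")

# Constructed sample request (not from the thread); example.test is a placeholder.
SAMPLE = (
    "POST /login?lang=en HTTP/1.1\r\n"
    "Host: example.test\r\n"
    "Cookie: session=abc123; theme=dark\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "username=^USER^&password=^PASS^&submit=1"
)

def parse_raw_request(raw):
    """Split a raw HTTP request into its components (hypothetical helper)."""
    text = raw.replace("\r\n", "\n")
    head, _, body = text.partition("\n\n")   # first blank line ends the headers
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        raise ValueError("malformed request line: %r" % lines[0])
    method, target, _version = parts
    path, _, query = target.partition("?")
    headers, cookies = [], {}
    for line in lines[1:]:
        if not line.strip():
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header: %r" % line)
        name, value = name.strip(), value.strip()
        if name.lower() == "cookie":
            # Cookies are kept apart from the other headers, since the
            # thread singles them out as the part that is not easy.
            for pair in value.split(";"):
                key, _, val = pair.strip().partition("=")
                cookies[key] = val
        else:
            headers.append((name, value))
    return {"method": method, "path": path, "query": query,
            "headers": headers, "cookies": cookies, "body": body}

def marker_locations(req):
    """Map each marker to the sorted list of components that contain it."""
    fields = {"path": req["path"], "query": req["query"], "body": req["body"],
              "headers": "\n".join(v for _, v in req["headers"]),
              "cookies": ";".join(req["cookies"].values())}
    return {m: sorted(c for c, t in fields.items() if m in t) for m in MARKERS}
```

A marker that maps to an empty list means the template never references that field, which is the mis-identified-field case raised earlier in the thread.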

vdun commented 7 years ago

@vanhauser-thc: FYI: bletchley-http2py