The above "sha1@none" parameter specification will encode the payload using the sha1 encoder and the result will be encoded again using the none encoder.
This line in the documentation suggests that "@" works left-to-right like a Unix pipe -- the result of the first encoder is processed by the second encoder. So the result of "md5@sha1" should be a sha1 hash of the md5 hash of the input.
Please provide steps to reproduce, including exact wfuzz command executed and output:
$ python3 -m http.server &
$ podman run -it --rm ghcr.io/xmendez/wfuzz wfuzz -z list,wfuzz,md5@sha1 http://192.168.99.229:8000/FUZZ
...
000000001: 404 14 L 37 W 469 Ch "75ef6f2fd0d190a5d14fa59caa2a5436"
...
$ podman run -it --rm ghcr.io/xmendez/wfuzz sh
# wfencode -e sha1 wfuzz | wfencode -e md5 -i
75ef6f2fd0d190a5d14fa59caa2a5436
Other relevant information:
To keep it straight in my head, I look at it kind of like a composite function -- f(g(x)). E.g. md5(sha1(input)). This puts the encoders in the right order on the command line. Perhaps this could be a useful way to explain it in the documentation.
Documentation conflicts with code regarding order of chained encoders
Context
Please check:
Please describe your local environment:
Docker image: ghcr.io/xmendez/wfuzz
Report
What is the current behavior?
The order of the chained encoders works right-to-left. The resulting payload of "md5@sha1" is an md5 hash, not a sha1.
What is the expected or desired behavior?
From Specifying multiple encoders:
This line in the documentation suggests that "@" works left-to-right like a Unix pipe -- the result of the first encoder is processed by the second encoder. So the result of "md5@sha1" should be a sha1 hash of the md5 hash of the input.
Please provide steps to reproduce, including exact wfuzz command executed and output:
Other relevant information:
To keep it straight in my head, I look at it kind of like a composite function -- f(g(x)). E.g. md5(sha1(input)). This puts the encoders in the right order on the command line. Perhaps this could be a useful way to explain it in the documentation.