We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wapiti needs some new mutators to do the same thing that the current ones (see https://github.com/wapiti-scanner/wapiti/blob/master/wapitiCore/attack/attack.py#L355 ) but for XML and JSON content types.
This means that for example for a given json object: {"key1": "value1", "key2": ["value2"], "key3": int3}
{"key1": "value1", "key2": ["value2"], "key3": int3}
The following values should be sent when attacking :
{"key1": payload, "key2": ["value2"], "key3": int3}
{"key1": "value1", "key2": [payload], "key3": int3}
{"key1": "value1", "key2": ["value2"], "key3": payload}
I don't think it is necessary to replace all values of a list, let's only overwrite the first element.
We should go into nested dictionaries to overwrite values.
The same should be done for XML too.
The text was updated successfully, but these errors were encountered:
working on the json mutator
Sorry, something went wrong.
added the JSON mutator: #545
Next step is to integrate it so modules use it correctly
MR for the ability for modules to inject inside JSON body:
#585
devl00p
No branches or pull requests
Wapiti needs some new mutators to do the same thing that the current ones (see https://github.com/wapiti-scanner/wapiti/blob/master/wapitiCore/attack/attack.py#L355 ) but for XML and JSON content types.
This means that for example for a given json object:
{"key1": "value1", "key2": ["value2"], "key3": int3}
The following values should be sent when attacking :
{"key1": payload, "key2": ["value2"], "key3": int3}
{"key1": "value1", "key2": [payload], "key3": int3}
{"key1": "value1", "key2": ["value2"], "key3": payload}
I don't think it is necessary to replace all values of a list, let's only overwrite the first element.
We should go into nested dictionaries to overwrite values.
The same should be done for XML too.
The text was updated successfully, but these errors were encountered: