JSON and XML mutator #314

Open
devl00p opened this issue Aug 1, 2022 · 3 comments
devl00p commented Aug 1, 2022

Wapiti needs some new mutators to do the same thing as the current ones (see https://github.com/wapiti-scanner/wapiti/blob/master/wapitiCore/attack/attack.py#L355) but for XML and JSON content types.

This means that, for example, for a given JSON object:
{"key1": "value1", "key2": ["value2"], "key3": int3}

The following values should be sent when attacking:

{"key1": payload, "key2": ["value2"], "key3": int3}

{"key1": "value1", "key2": [payload], "key3": int3}

{"key1": "value1", "key2": ["value2"], "key3": payload}

I don't think it is necessary to replace all values of a list; let's only overwrite the first element.

We should go into nested dictionaries to overwrite values.

The same should be done for XML too.

@devl00p devl00p added the enhancement New feature or request label Aug 1, 2022
@devl00p devl00p self-assigned this Dec 6, 2023
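
The mutation rules requested above (one body per value, only the first element of a list, recursion into nested dictionaries), sketched as an added example; this is not Wapiti's own mutator from #545. The names `leaf_paths`, `set_path`, `mutate_json`, the sample body and the marker payload are assumptions, and the sketch also descends into a list's first element when that element is itself a container.

```python
import copy
import json
from typing import Any, Iterator, List, Tuple, Union

Path = Tuple[Union[str, int], ...]


def leaf_paths(node: Any, prefix: Path = ()) -> Iterator[Path]:
    """Yield the path of every scalar to overwrite, per the rules in the issue."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from leaf_paths(value, prefix + (key,))
    elif isinstance(node, list):
        # Only the first element of a list is targeted; empty lists have no slot.
        if node:
            yield from leaf_paths(node[0], prefix + (0,))
    else:
        yield prefix


def set_path(document: Any, path: Path, value: Any) -> Any:
    """Return a deep copy of document with the scalar at path replaced."""
    if not path:
        return value  # the whole body is a bare scalar
    mutated = copy.deepcopy(document)
    parent = mutated
    for step in path[:-1]:
        parent = parent[step]
    parent[path[-1]] = value
    return mutated


def mutate_json(body: str, payload: str) -> List[Tuple[Path, str]]:
    """Return one (path, serialized body) pair per injectable value."""
    document = json.loads(body)
    return [
        (path, json.dumps(set_path(document, path, payload)))
        for path in leaf_paths(document)
    ]


# Constructed sample modelled on the issue's object; 3 stands in for int3.
SAMPLE = '{"key1": "value1", "key2": ["value2"], "key3": 3, "nested": {"inner": "v"}}'
MARKER = "PAYLOAD_MARKER"  # harmless constructed placeholder for the payload

if __name__ == "__main__":
    for path, mutated_body in mutate_json(SAMPLE, MARKER):
        print(path, mutated_body)
```

Each mutated body differs from the original in exactly one value, so a scanner module can attribute a response change to a single path.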

devl00p commented Dec 6, 2023

Working on the JSON mutator.


devl00p commented Dec 9, 2023

Added the JSON mutator: #545

Next step is to integrate it so modules use it correctly.


devl00p commented Apr 6, 2024

MR for the ability for modules to inject inside JSON body:

#585
