Add module http_post #130
Codecov Report
@@ Coverage Diff @@
## master #130 +/- ##
==========================================
- Coverage 70.92% 70.89% -0.03%
==========================================
Files 76 78 +2
Lines 7563 7621 +58
==========================================
+ Hits 5364 5403 +39
- Misses 2199 2218 +19
Continue to review full report at Codecov.
Check if credentials are transported over an encrypted channel
|
||
if "Letm3in_" not in request.encoded_data + request.encoded_params: | ||
return | ||
self.finished = True |
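Review bot: The marker "Letm3in_" in the `if` condition is a magic string, and it is matched against the concatenation `request.encoded_data + request.encoded_params`, so a match can span the boundary between the two values. Consider moving the marker to a named module-level constant and testing each value on its own, for example `MARKER in request.encoded_data or MARKER in request.encoded_params` (MARKER is only a suggested name).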
I think you can remove this line
Also, as an improvement, we can keep track of files we marked as vulnerable (using request.path) to prevent duplicates (you can try on http://www.tvsoop.com/ for example, which will generate a lot of duplicates)
return | ||
self.finished = True | ||
|
||
self.log_red(NAME) |
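Review bot: `self.log_red(NAME)` prints only the module name, so the output does not say which request triggered the finding. Include the request's URL or `request.path` in the logged message so the entry can be traced back to the page that sent the data.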
Please use the output format used by other modules (take the example here: https://github.com/wapiti-scanner/wapiti/blob/master/wapitiCore/attack/mod_ssrf.py#L253)
from wapitiCore.language.language import _ | ||
|
||
TYPE = "vulnerability" | ||
NAME = _("POST HTTP") |
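Review bot: `NAME = _("POST HTTP")` does not tell the reader of a report what was found. Going by the commit title, the finding is credentials sent over an unencrypted channel, and a name that states this would make the report entry self-explanatory.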
Missing translations in en / fr .po files
I think this one can be closed now, replaced by module |
Check if credentials are transported over an encrypted channel