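requestMethodsCaseSwitching sends HTTP requests using case-altered variants of the methods listed in a file and prints only the responses whose content length differs from the one recorded earlier for that method.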
(options RequestOptions)
| 1756 | |
| 1757 | // requestMethodsCaseSwitching makes HTTP requests using a list of methods from a file and prints the results. |
| 1758 | func requestMethodsCaseSwitching(options RequestOptions) { |
| 1759 | lines, err := parseFile(options.folder + "/httpmethods") |
| 1760 | if err != nil { |
| 1761 | log.Printf("[!] Skipping verb case switching: %v", err) |
| 1762 | return |
| 1763 | } |
| 1764 | |
| 1765 | // Pre-build all work items to know the total for progress. |
| 1766 | type workItem struct { |
| 1767 | method string |
| 1768 | originalContentLength int |
| 1769 | } |
| 1770 | var items []workItem |
| 1771 | for _, line := range lines { |
| 1772 | originalContentLength, exists := verbTamperingResults[line] |
| 1773 | if !exists { |
| 1774 | continue |
| 1775 | } |
| 1776 | methodCombinations := generateCaseCombinations(line) |
| 1777 | filteredCombinations := filterOriginalMethod(line, methodCombinations) |
| 1778 | selectedCombinations := selectRandomCombinations(filteredCombinations, 10) |
| 1779 | for _, method := range selectedCombinations { |
| 1780 | items = append(items, workItem{method, originalContentLength}) |
| 1781 | } |
| 1782 | } |
| 1783 | |
| 1784 | if len(items) == 0 { |
| 1785 | return |
| 1786 | } |
| 1787 | |
| 1788 | w := goccm.New(maxGoroutines) |
| 1789 | p := newProgress("verb-case-switching", len(items)) |
| 1790 | |
| 1791 | for _, item := range items { |
| 1792 | time.Sleep(time.Duration(delay) * time.Millisecond) |
| 1793 | w.Wait() |
| 1794 | go func(item workItem) { |
| 1795 | defer w.Done() |
| 1796 | defer p.done() |
| 1797 | resp, err := requestWithRetry(item.method, options.uri, options.headers, options.proxy, options.rateLimit, options.timeout, options.redirect) |
| 1798 | if err != nil { |
| 1799 | if errors.Is(err, ErrRateLimited) { |
| 1800 | return |
| 1801 | } |
| 1802 | logVerbose(err) |
| 1803 | return |
| 1804 | } |
| 1805 | |
| 1806 | contentLength := resp.contentLength |
| 1807 | |
| 1808 | if contentLength == item.originalContentLength || isCalibrationMatch(contentLength) { |
| 1809 | return |
| 1810 | } |
| 1811 | |
| 1812 | result := resultFromResponse(item.method, false, "verb-tampering-case", resp) |
| 1813 | attachHTTPReplay(&result, item.method, options.uri, options.headers, "", options.redirect, options.proxy, options.timeout) |
| 1814 | printResponse(result, "verb-tampering-case") |
| 1815 | }(item) |