MCPcopy Index your code
hub / github.com/devploit/nomore403 / requestMethodsCaseSwitching

Function requestMethodsCaseSwitching

cmd/requester.go:1758–1819  ·  view source on GitHub ↗

requestMethodsCaseSwitching makes HTTP requests using a list of methods from a file and prints the results.

(options RequestOptions)

Source from the content-addressed store, hash-verified

1756
1757// requestMethodsCaseSwitching makes HTTP requests using a list of methods from a file and prints the results.
1758func requestMethodsCaseSwitching(options RequestOptions) {
1759 lines, err := parseFile(options.folder + "/httpmethods")
1760 if err != nil {
1761 log.Printf("[!] Skipping verb case switching: %v", err)
1762 return
1763 }
1764
1765 // Pre-build all work items to know the total for progress.
1766 type workItem struct {
1767 method string
1768 originalContentLength int
1769 }
1770 var items []workItem
1771 for _, line := range lines {
1772 originalContentLength, exists := verbTamperingResults[line]
1773 if !exists {
1774 continue
1775 }
1776 methodCombinations := generateCaseCombinations(line)
1777 filteredCombinations := filterOriginalMethod(line, methodCombinations)
1778 selectedCombinations := selectRandomCombinations(filteredCombinations, 10)
1779 for _, method := range selectedCombinations {
1780 items = append(items, workItem{method, originalContentLength})
1781 }
1782 }
1783
1784 if len(items) == 0 {
1785 return
1786 }
1787
1788 w := goccm.New(maxGoroutines)
1789 p := newProgress("verb-case-switching", len(items))
1790
1791 for _, item := range items {
1792 time.Sleep(time.Duration(delay) * time.Millisecond)
1793 w.Wait()
1794 go func(item workItem) {
1795 defer w.Done()
1796 defer p.done()
1797 resp, err := requestWithRetry(item.method, options.uri, options.headers, options.proxy, options.rateLimit, options.timeout, options.redirect)
1798 if err != nil {
1799 if errors.Is(err, ErrRateLimited) {
1800 return
1801 }
1802 logVerbose(err)
1803 return
1804 }
1805
1806 contentLength := resp.contentLength
1807
1808 if contentLength == item.originalContentLength || isCalibrationMatch(contentLength) {
1809 return
1810 }
1811
1812 result := resultFromResponse(item.method, false, "verb-tampering-case", resp)
1813 attachHTTPReplay(&result, item.method, options.uri, options.headers, "", options.redirect, options.proxy, options.timeout)
1814 printResponse(result, "verb-tampering-case")
1815 }(item)

Calls 13

parseFileFunction · 0.85
generateCaseCombinationsFunction · 0.85
filterOriginalMethodFunction · 0.85
selectRandomCombinationsFunction · 0.85
newProgressFunction · 0.85
requestWithRetryFunction · 0.85
logVerboseFunction · 0.85
isCalibrationMatchFunction · 0.85
resultFromResponseFunction · 0.85
attachHTTPReplayFunction · 0.85
printResponseFunction · 0.85
doneMethod · 0.80