Configure scan from raw request
Configure a scan from a raw request (e.g. burp or similar)
Version 2.11.0 introduces the ability to begin a scan by passing in a raw request file.
The following table outlines the behavior of raw request and cli interactions. See the "with cli parameters" example below for further details.
| | unique | not unique |
|---|---|---|
| headers | appended | overridden by cli |
| methods | appended | ignored |
| user-agent | n/a | overridden by cli |
| cookies | appended | overridden by cli |
| query parameters | appended | overridden by cli |
Example: no additional parameters
Given the following command and raw request file
feroxbuster --request-file raw.request
POST / HTTP/1.1
Accept: */*
Host: localhost.com
User-Agent: feroxbuster/custom-raw
Cookie: derp=tronic; super=duper
Connection: keep-alive

body
We get the following feroxbuster configuration.
───────────────────────────┬──────────────────────
Target Url │ https://localhost.com/
Threads │ 50
Wordlist │ /wordlists/seclists/Discovery/Web-Content/common.txt
Status Codes │ All Status Codes!
Timeout (secs) │ 7
User-Agent │ feroxbuster/custom-raw
Default Protocol │ https
Config File │ /home/epi/feroxbuster/ferox-config.toml
Header │ Accept: */*
Header │ Host: localhost.com
Header │ Cookie: derp=tronic; super=duper
Header │ Connection: keep-alive
Extract Links │ true
HTTP methods │ [GET, POST]
HTTP Body │ body
Recursion Depth │ 4
New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────
Example: with cli parameters
Given the same raw request file, we can alter the scan's configuration with feroxbuster's cli options. Depending on the context of the raw request and the option provided, the resulting configuration value may be "in addition to" or "complete override".
We'll craft an example with two headers: one that doesn't exist in the raw request and one that does.
feroxbuster --request-file raw.request --headers thedude:abides Host:overridden.com
POST / HTTP/1.1
Accept: */*
Host: localhost.com
User-Agent: feroxbuster/custom-raw
Cookie: derp=tronic; super=duper
Connection: keep-alive

body
Take note that the thedude header is added to the existing list of headers, while Host has its value replaced with what was provided on the command line.
───────────────────────────┬──────────────────────
Target Url │ https://overridden.com/
Threads │ 50
Wordlist │ /wordlists/seclists/Discovery/Web-Content/common.txt
Status Codes │ All Status Codes!
Timeout (secs) │ 7
User-Agent │ feroxbuster/custom-raw
Default Protocol │ https
Config File │ /home/epi/feroxbuster/ferox-config.toml
Header │ thedude: abides
Header │ Host: overridden.com
Header │ Accept: */*
Header │ Connection: keep-alive
Header │ Cookie: derp=tronic; super=duper
Extract Links │ true
HTTP methods │ [GET, POST]
HTTP Body │ body
Recursion Depth │ 4
New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────
Example: using --protocol
Within a raw request, it's typical to not have an associated protocol within the Host header.
GET / HTTP/1.1
Host: localhost.com
feroxbuster uses the --protocol option to designate what should be placed in front of the domain. By default, it's https, but can be changed to http if needed.
feroxbuster --request-file raw.request --protocol http
Note the Target Url field is now http instead of https, as seen in previous examples.
───────────────────────────┬──────────────────────
Target Url │ http://localhost.com/
Threads │ 50
Wordlist │ /wordlists/seclists/Discovery/Web-Content/common.txt
Status Codes │ All Status Codes!
Timeout (secs) │ 7
User-Agent │ feroxbuster/2.11.0
Default Protocol │ http
Config File │ /home/epi/feroxbuster/ferox-config.toml
Header │ Host: localhost.com
Extract Links │ true
HTTP methods │ [GET]
Recursion Depth │ 4
New Version Available │ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────
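The merge rules from the table and the three examples above, modelled in Python as an added example (not feroxbuster's own code): it previews the target URL, header set and methods that a raw request plus cli overrides would produce, which is a quick scope check before a scan is launched. It covers headers, methods, user-agent and --protocol only; the function names, the case-insensitive header match and the way the path is joined to the Host value are assumptions.

```python
RAW = (  # the page's example request, with the blank line HTTP requires before the body
    "POST / HTTP/1.1\n"
    "Accept: */*\n"
    "Host: localhost.com\n"
    "User-Agent: feroxbuster/custom-raw\n"
    "Cookie: derp=tronic; super=duper\n"
    "Connection: keep-alive\n"
    "\n"
    "body\n"
)


def parse_raw_request(text):
    """Split a raw HTTP request into method, path, header pairs and body."""
    head, _, body = text.replace("\r\n", "\n").partition("\n\n")
    request_line, *header_lines = head.split("\n")
    method, path, _version = request_line.split(" ", 2)
    headers = [tuple(part.strip() for part in line.split(":", 1))
               for line in header_lines if ":" in line]
    return method, path, headers, body.rstrip("\n")


def effective_config(raw, cli_headers=(), cli_user_agent=None, protocol="https"):
    """Unique values are appended; values present in both are overridden by the cli."""
    method, path, req_headers, body = parse_raw_request(raw)
    merged = {name.lower(): (name, value) for name, value in req_headers}
    for item in cli_headers:  # NAME:VALUE, as passed to --headers
        name, value = (part.strip() for part in item.split(":", 1))
        merged[name.lower()] = (name, value)  # assumption: case-insensitive match
    _, request_ua = merged.pop("user-agent", (None, None))
    if "host" not in merged:
        raise ValueError("no Host header: target URL cannot be derived")
    methods = ["GET"]  # default method shown in the page's banners
    if method not in methods:
        methods.append(method)  # a method already in the list is ignored
    return {
        "target_url": f"{protocol}://{merged['host'][1]}{path}",
        "user_agent": cli_user_agent or request_ua,  # None means the tool default
        "headers": dict(merged.values()),
        "methods": methods,
        "body": body,
    }


if __name__ == "__main__":
    cfg = effective_config(RAW, cli_headers=["thedude:abides", "Host:overridden.com"])
    for key, value in cfg.items():
        print(f"{key:<11} {value}")
```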