Configure scan from raw request

Added in version 2.11.0
Tags:
Categories:

  3 minute read  

Configure a scan from a raw request (e.g. burp or similar)

Version 2.11.0 introduces the ability to begin a scan by passing in a raw request file.

The following table outlines the behavior of raw request and cli interactions. See the β€˜with cli parameters’ example below for further details.

uniquenot unique
headersappendedoverridden by cli
methodsappendedignored
user-agentn/aoverridden by cli
cookiesappendedoverridden by cli
query parametersappendedoverridden by cli

Example: no additional parameters

Given the following command and raw request file

feroxbuster --request-file raw.request

POST / HTTP/1.1
Accept: */*
Host: localhost.com
User-Agent: feroxbuster/custom-raw
Cookie: derp=tronic; super=duper
Connection: keep-alive

body

We get the following feroxbuster configuration.

───────────────────────────┬──────────────────────
 🎯  Target Url            β”‚ https://localhost.com/
 πŸš€  Threads               β”‚ 50
 πŸ“–  Wordlist              β”‚ /wordlists/seclists/Discovery/Web-Content/common.txt
 πŸ‘Œ  Status Codes          β”‚ All Status Codes!
 πŸ’₯  Timeout (secs)        β”‚ 7
 🦑  User-Agent            β”‚ feroxbuster/custom-raw
 πŸ”’  Default Protocol      β”‚ https
 πŸ’‰  Config File           β”‚ /home/epi/feroxbuster/ferox-config.toml
 🀯  Header                β”‚ Accept: */*
 🀯  Header                β”‚ Host: localhost.com
 🀯  Header                β”‚ Cookie: derp=tronic; super=duper
 🀯  Header                β”‚ Connection: keep-alive
 πŸ”Ž  Extract Links         β”‚ true
 🏁  HTTP methods          β”‚ [GET, POST]
 πŸ’£  HTTP Body             β”‚ body 
 πŸ”ƒ  Recursion Depth       β”‚ 4
 πŸŽ‰  New Version Available β”‚ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────

Example: with cli parameters

Given the same raw request file, we can alter the scan’s configuration with feroxbuster’s cli options. Depending on the context of the raw request and the option provided, the resulting configuration value may be β€˜in addition to’ or β€˜complete override’.

We’ll craft an example with two headers: one that doesn’t exist in the raw request and one that does.

feroxbuster --request-file raw.request --headers thedude:abides Host:overridden.com

POST / HTTP/1.1
Accept: */*
Host: localhost.com
User-Agent: feroxbuster/custom-raw
Cookie: derp=tronic; super=duper
Connection: keep-alive

body

Take note that thedude header is added to the existing list of headers, while Host has its value replaced with what was provided on the command line.

───────────────────────────┬──────────────────────
 🎯  Target Url            β”‚ https://overridden.com/
 πŸš€  Threads               β”‚ 50
 πŸ“–  Wordlist              β”‚ /wordlists/seclists/Discovery/Web-Content/common.txt
 πŸ‘Œ  Status Codes          β”‚ All Status Codes!
 πŸ’₯  Timeout (secs)        β”‚ 7
 🦑  User-Agent            β”‚ feroxbuster/custom-raw
 πŸ”’  Default Protocol      β”‚ https
 πŸ’‰  Config File           β”‚ /home/epi/feroxbuster/ferox-config.toml
 🀯  Header                β”‚ thedude: abides
 🀯  Header                β”‚ Host: overridden.com
 🀯  Header                β”‚ Accept: */*
 🀯  Header                β”‚ Connection: keep-alive
 🀯  Header                β”‚ Cookie: derp=tronic; super=duper
 πŸ”Ž  Extract Links         β”‚ true
 🏁  HTTP methods          β”‚ [GET, POST]
 πŸ’£  HTTP Body             β”‚ body 
 πŸ”ƒ  Recursion Depth       β”‚ 4
 πŸŽ‰  New Version Available β”‚ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────

Example: using –protocol

Within a raw request, it’s typical to not have an associated protocol within the Host header.

GET / HTTP/1.1
Host: localhost.com

feroxbuster uses the --protocol option to designate what should be placed in front of the domain. By default, it’s https, but can be changed to http if needed.

feroxbuster --request-file raw.request --protocol http

Note the Target Url field is now http instead of https, as seen in previous examples.

───────────────────────────┬──────────────────────
 🎯  Target Url            β”‚ http://localhost.com/
 πŸš€  Threads               β”‚ 50
 πŸ“–  Wordlist              β”‚ /wordlists/seclists/Discovery/Web-Content/common.txt
 πŸ‘Œ  Status Codes          β”‚ All Status Codes!
 πŸ’₯  Timeout (secs)        β”‚ 7
 🦑  User-Agent            β”‚ feroxbuster/2.11.0
 πŸ”“  Default Protocol      β”‚ http
 πŸ’‰  Config File           β”‚ /home/epi/feroxbuster/ferox-config.toml
 🀯  Header                β”‚ Host: localhost.com
 πŸ”Ž  Extract Links         β”‚ true
 🏁  HTTP methods          β”‚ [GET]
 πŸ”ƒ  Recursion Depth       β”‚ 4
 πŸŽ‰  New Version Available β”‚ https://github.com/epi052/feroxbuster/releases/latest
───────────────────────────┴──────────────────────