
Header flag acknowledged but not being added to requests

Open bluesm866 opened this issue 5 years ago • 3 comments

Running kr scan "https://example.com/api" --header="Cookie: example=abc123" -w /kiterunner/routes/routes-small.kite, the header shows up in the information table printed before scanning.

When running kr kb replay -w /kiterunner/routes/routes-small.kite "<any resulting line from scan here>", it shows that the request was sent without the header.

bluesm866 avatar Apr 16 '21 15:04 bluesm866

Thanks @bluesm866. This is a bit more of a challenging task to tackle: the hash you use only identifies which API the request belongs to in the wordlist. We don't actually include any details about the flags used in the request in that response line.

Hence, it's difficult to know retrospectively what headers the user had when performing the scan.

Would you prefer being able to specify the headers in a similar way for the replay? Or maybe specifying a scan configuration file instead of -w that lets you include all the wordlists/headers for a set of requests. Then we can reconstruct the full request based on the scan configuration.

minight avatar Apr 18 '21 22:04 minight

Hello. In particular, I would prefer to just specify the header inline when using the replay option. But any of these options look great; both would give the user the option to replay the exact same request that was sent at scan time.


bluesm866 avatar Apr 19 '21 13:04 bluesm866

Hi,

I am not able to run with headers while running kiterunner. When I run the command below:

kr scan https://jobs.xyzeecom/ses/ -w routes-large.kite -H 'Host: jobs.xyzee.com\nCookie: JSESSIONID=w2~3E85DBC1E\nX-Csrf-Token: 2ec9bfb3-affff13ca'

Header information is shown in the output table, but when I replay the request:

kr kb replay -q --proxy=http://localhost:8080 -w routes-large.kite "POST 500 [ 9, 2, 1] https://jobs.xyzee.com/ses/dev-api/api/task/documentUpload 0cf683b180ae4a2e1de357901a1b8f"

In the response I don't see the headers which I wanted kiterunner to use.

I tried another way by creating a YAML file with the values below:

header: Cookie: JSESSIONID=w2~3E85D7C0A57858FFE9164AD41B6FBC1E; X-Csrf-Token: 2ec9bfb3-f7a8-43a4-b0a9-957affff13ca

and using it like below:

kr scan https://jobs.xyzee.com/ses/ -w routes-large.kite --config /Users/sh/.kiterunner.yaml

but I still don't see any change.

99smith avatar May 20 '22 11:05 99smith
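The reports in this thread all come down to one question: did the header given on the command line actually reach the wire at replay time? A local echo server answers that without guessing from the tool's output table. The following is an added example, not code from kiterunner or its maintainers. It parses the header notations quoted above ("Name: value" entries separated by a newline, a literal "\n" as passed from a single-quoted shell string, or "; " in the YAML line), parses a scan result line of the shape "METHOD STATUS [ a, b, c] URL HASH", and replays the request against a throwaway server that echoes every header it received. The result-line shape and the separator handling are assumptions taken from the quoted commands, not from kiterunner's source; the client used here is Python's urllib, so the run with send_headers=False simply simulates the behaviour reported above rather than reproducing kiterunner's replay path.

```python
"""Check which headers an HTTP client actually puts on the wire.

Added example for the kiterunner thread above; not part of the project.
"""
import json
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse

# "METHOD STATUS [ a, b, c] URL HASH" -- shape assumed from the replay commands quoted above.
RESULT_LINE_RE = re.compile(
    r"^(?P<method>[A-Z]+)\s+(?P<status>\d{3})\s+\[(?P<sizes>[^\]]*)\]\s+"
    r"(?P<url>\S+)\s+(?P<hash>[0-9a-f]+)$"
)
# Boundary between header entries: a real newline, a literal backslash-n (what a
# single-quoted shell string delivers), or "; " followed by another "Name:" token.
HEADER_SEP_RE = re.compile(r"\n|\\n|;\s*(?=[A-Za-z0-9-]+:\s)")


def parse_header_flag(value: str) -> dict:
    """Turn 'Cookie: a=1; b=2\\nX-Csrf-Token: t' into {'Cookie': 'a=1; b=2', 'X-Csrf-Token': 't'}."""
    headers = {}
    for entry in HEADER_SEP_RE.split(value):
        entry = entry.strip()
        if not entry:
            continue
        name, sep, val = entry.partition(":")
        if not sep:
            raise ValueError(f"header entry without ':': {entry!r}")
        headers[name.strip()] = val.strip()
    return headers


def parse_result_line(line: str) -> dict:
    """Extract method, status, URL and wordlist hash from a scan result line."""
    m = RESULT_LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised result line: {line!r}")
    parsed = m.groupdict()
    parsed["status"] = int(parsed["status"])
    return parsed


class _EchoHandler(BaseHTTPRequestHandler):
    """Answers every request with a JSON object of the request headers it received."""

    def _reply(self):
        body = json.dumps(dict(self.headers.items())).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    do_GET = do_POST = do_PUT = do_DELETE = _reply

    def log_message(self, *args):  # keep the example quiet
        pass


def start_echo_server():
    """Bind the echo server on a free localhost port; returns (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), _EchoHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def send_and_capture(method: str, url: str, headers: dict) -> dict:
    """Send one request with urllib and return the headers the server saw."""
    data = b"" if method in ("POST", "PUT") else None
    req = urllib.request.Request(url, method=method, headers=headers, data=data)
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.loads(resp.read())


def missing_headers(intended: dict, received: dict) -> list:
    """Intended header names that did not arrive with the same value (names compared case-insensitively)."""
    got = {k.lower(): v for k, v in received.items()}
    return sorted(n for n, v in intended.items() if got.get(n.lower()) != v)


def verify_replay(result_line: str, header_flag: str, send_headers: bool = True) -> dict:
    """Replay a result line against a local echo server and report which intended headers are missing.

    send_headers=False mimics the symptom reported in the thread (replay without the headers).
    """
    target = parse_result_line(result_line)
    intended = parse_header_flag(header_flag)
    server, port = start_echo_server()
    try:
        path = urlparse(target["url"]).path or "/"
        received = send_and_capture(target["method"], f"http://127.0.0.1:{port}{path}",
                                    intended if send_headers else {})
    finally:
        server.shutdown()
        server.server_close()
    return {"hash": target["hash"], "intended": intended,
            "missing": missing_headers(intended, received)}


# Constructed sample input in the same shape as the commands quoted in the thread (not real values).
SAMPLE_HEADER_FLAG = ("Host: api.example.test\nCookie: JSESSIONID=abc123; theme=dark\n"
                      "X-Csrf-Token: 00000000-1111")
SAMPLE_RESULT_LINE = ("POST 500 [ 9, 2, 1] https://api.example.test/ses/dev-api/api/task/documentUpload "
                      "0cf683b180ae4a2e1de357901a1b8f")

if __name__ == "__main__":
    print(verify_replay(SAMPLE_RESULT_LINE, SAMPLE_HEADER_FLAG))
    print(verify_replay(SAMPLE_RESULT_LINE, SAMPLE_HEADER_FLAG, send_headers=False))
```

Pointing any client at the echo server (for kiterunner, the --proxy flag used in the replay command above, or a hosts override for the target name) and reading back the JSON body is enough to settle whether a Cookie or Host header was dropped, because the comparison is made on what the server received rather than on what the tool printed.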