Documentation
¶
Overview ¶
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow. It backs the Repeater and Intruder modules.
Index ¶
- type Header
- type LoginMacro
- type Macro
- type Request
- type Sender
- func (s *Sender) RunLoginMacroNow() ([]Header, error)
- func (s *Sender) Send(r Request) (*store.Flow, error)
- func (s *Sender) SetLoginMacro(m LoginMacro)
- func (s *Sender) SetMacro(m Macro)
- func (s *Sender) SetOnPersist(fn func(*store.Flow))
- func (s *Sender) SetSession(enabled bool, headers []Header)
- func (s *Sender) SetSessionHostHeaders(hh map[string][]Header)
- func (s *Sender) SetSessionRefresh(fn func([]Header))
- func (s *Sender) SetSessionScope(fn SessionScope)
- func (s *Sender) TestLoginMacro(m LoginMacro) (status int, headers []Header, err error)
- type SessionScope
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Header ¶
Header is a single session header applied to outgoing sends.
func ExtractSessionHeaders ¶ added in v0.8.0
ExtractSessionHeaders pulls auth headers from a login response.
func RunLoginMacro ¶ added in v0.8.0
func RunLoginMacro(cl *http.Client, m LoginMacro) ([]Header, error)
RunLoginMacro issues the recorded login request and returns session headers.
type LoginMacro ¶ added in v0.8.0
type LoginMacro struct {
Enabled bool `json:"enabled"`
Target string `json:"target"` // scheme://host[:port]
Request string `json:"request"` // raw HTTP request
RefreshSecs int `json:"refreshSecs"` // auto-refresh interval; 0 = manual / 401 only
ReauthOn401 bool `json:"reauthOn401"` // retry the original send once after re-login
}
LoginMacro records a login request. Running it extracts session credentials (Set-Cookie, Authorization) from the response and applies them to the global session headers. Optional TTL refresh and automatic re-auth on 401.
type Macro ¶ added in v0.7.0
type Macro struct {
Enabled bool `json:"enabled"`
Target string `json:"target"` // scheme://host[:port] for the refresh request
Request string `json:"request"` // raw HTTP request (request line + headers + optional body)
Extract string `json:"extract"` // regex with one capture group, run over the refresh RESPONSE
InjectMode string `json:"injectMode"` // "header" | "placeholder"
InjectName string `json:"injectName"` // header name, or the placeholder text to replace (e.g. §CSRF§)
}
Macro defines a token-refresh request whose response feeds a value into every subsequent send — for CSRF tokens that rotate per request, or to re-auth. The refresh request is sent with a plain client (never recorded, never recursive).
type Request ¶
type Request struct {
Method string
URL string
Headers map[string][]string
Body []byte
Flags int64 // e.g. store.FlagRepeater / store.FlagIntruder, OR'd onto the flow
Context context.Context // optional: cancel an in-flight send (e.g. an active-scan kill switch)
NoSession bool // skip the global session headers + token macro (authz replays carry their own identity)
// contains filtered or unexported fields
}
Request describes a request to send.
type Sender ¶
type Sender struct {
// contains filtered or unexported fields
}
Sender sends requests and persists them as flows.
func New ¶
New builds a Sender. The client does not follow redirects (each hop is its own flow, like Burp) and does not verify TLS — a security-testing tool routinely talks to targets with self-signed or invalid certificates.
func (*Sender) RunLoginMacroNow ¶ added in v0.8.0
RunLoginMacroNow runs the login macro immediately (API / manual re-auth).
func (*Sender) Send ¶
Send issues r, captures the response, and persists a flow. Transport-level failures are recorded as an errored flow (502) rather than returned as errors; only malformed input returns an error.
func (*Sender) SetLoginMacro ¶ added in v0.8.0
func (s *Sender) SetLoginMacro(m LoginMacro)
func (*Sender) SetMacro ¶ added in v0.7.0
SetMacro configures the token-refresh macro applied before each send.
func (*Sender) SetOnPersist ¶ added in v0.12.0
SetOnPersist registers a callback invoked after each flow is stored. The control plane wires this to SSE flow.new so Repeater/Intruder/MCP sends refresh Proxy History the same way proxied traffic does.
func (*Sender) SetSession ¶
SetSession configures the session headers auto-applied to outgoing sends.
func (*Sender) SetSessionHostHeaders ¶ added in v0.12.0
SetSessionHostHeaders configures per-host auth header overrides. When a send target's hostname matches a key, those headers replace the global headers for that request. Pass nil to clear all per-host overrides.
func (*Sender) SetSessionRefresh ¶ added in v0.8.0
SetSessionRefresh registers a callback invoked when a login macro produces new session headers (auto-refresh, manual run, or 401 re-auth).
func (*Sender) SetSessionScope ¶ added in v0.12.0
func (s *Sender) SetSessionScope(fn SessionScope)
SetSessionScope sets the host gate for session injection (typically target scope).
func (*Sender) TestLoginMacro ¶ added in v0.11.0
func (s *Sender) TestLoginMacro(m LoginMacro) (status int, headers []Header, err error)
TestLoginMacro dry-runs the given login macro: it issues the login request and returns the response status plus the session headers it WOULD set, WITHOUT touching the live session. Backs the UI "Test" button so an operator can see what the macro does (and whether it captures a session) before relying on it.