sender

package
v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 26, 2026 License: MIT Imports: 15 Imported by: 0

Documentation

Overview

Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow. It backs the Repeater and Intruder modules.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Header struct {
	Key   string `json:"key"`
	Value string `json:"value"`
}

Header is a single session header applied to outgoing sends.

func ExtractSessionHeaders added in v0.8.0

func ExtractSessionHeaders(resp *http.Response) []Header

ExtractSessionHeaders pulls auth headers from a login response.

func RunLoginMacro added in v0.8.0

func RunLoginMacro(cl *http.Client, m LoginMacro) ([]Header, error)

RunLoginMacro issues the recorded login request and returns session headers.

type LoginMacro added in v0.8.0

type LoginMacro struct {
	Enabled     bool   `json:"enabled"`
	Target      string `json:"target"`      // scheme://host[:port]
	Request     string `json:"request"`     // raw HTTP request
	RefreshSecs int    `json:"refreshSecs"` // auto-refresh interval; 0 = manual / 401 only
	ReauthOn401 bool   `json:"reauthOn401"` // retry the original send once after re-login
}

LoginMacro records a login request. Running it extracts session credentials (Set-Cookie, Authorization) from the response and applies them to the global session headers. Optional TTL refresh and automatic re-auth on 401.

type Macro added in v0.7.0

type Macro struct {
	Enabled    bool   `json:"enabled"`
	Target     string `json:"target"`     // scheme://host[:port] for the refresh request
	Request    string `json:"request"`    // raw HTTP request (request line + headers + optional body)
	Extract    string `json:"extract"`    // regex with one capture group, run over the refresh RESPONSE
	InjectMode string `json:"injectMode"` // "header" | "placeholder"
	InjectName string `json:"injectName"` // header name, or the placeholder text to replace (e.g. §CSRF§)
}

Macro defines a token-refresh request whose response feeds a value into every subsequent send — for CSRF tokens that rotate per request, or to re-auth. The refresh request is sent with a plain client (never recorded, never recursive).

type Request

type Request struct {
	Method    string
	URL       string
	Headers   map[string][]string
	Body      []byte
	Flags     int64           // e.g. store.FlagRepeater / store.FlagIntruder, OR'd onto the flow
	Context   context.Context // optional: cancel an in-flight send (e.g. an active-scan kill switch)
	NoSession bool            // skip the global session headers + token macro (authz replays carry their own identity)
	// contains filtered or unexported fields
}

Request describes a request to send.

type Sender

type Sender struct {
	// contains filtered or unexported fields
}

Sender sends requests and persists them as flows.

func New

func New(st *store.Store, cap *capture.Capturer) *Sender

New builds a Sender. The client does not follow redirects (each hop is its own flow, like Burp) and does not verify TLS — a security-testing tool routinely talks to targets with self-signed or invalid certificates.

func (*Sender) RunLoginMacroNow added in v0.8.0

func (s *Sender) RunLoginMacroNow() ([]Header, error)

RunLoginMacroNow runs the login macro immediately (API / manual re-auth).

func (*Sender) Send

func (s *Sender) Send(r Request) (*store.Flow, error)

Send issues r, captures the response, and persists a flow. Transport-level failures are recorded as an errored flow (502) rather than returned as errors; only malformed input returns an error.

func (*Sender) SetLoginMacro added in v0.8.0

func (s *Sender) SetLoginMacro(m LoginMacro)

func (*Sender) SetMacro added in v0.7.0

func (s *Sender) SetMacro(m Macro)

SetMacro configures the token-refresh macro applied before each send.

func (*Sender) SetSession

func (s *Sender) SetSession(enabled bool, headers []Header)

SetSession configures the session headers auto-applied to outgoing sends.

func (*Sender) SetSessionRefresh added in v0.8.0

func (s *Sender) SetSessionRefresh(fn func([]Header))

SetSessionRefresh registers a callback invoked when a login macro produces new session headers (auto-refresh, manual run, or 401 re-auth).

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL