Documentation
¶
Overview ¶
Package sender issues one-off HTTP/HTTPS requests directly to a target (bypassing the proxy listener) and records each as a flow. It backs the Repeater and Intruder modules.
Index ¶
- type Header
- type LoginMacro
- type Macro
- type Request
- type Sender
- func (s *Sender) RunLoginMacroNow() ([]Header, error)
- func (s *Sender) Send(r Request) (*store.Flow, error)
- func (s *Sender) SetLoginMacro(m LoginMacro)
- func (s *Sender) SetMacro(m Macro)
- func (s *Sender) SetSession(enabled bool, headers []Header)
- func (s *Sender) SetSessionRefresh(fn func([]Header))
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Header ¶
Header is a single session header applied to outgoing sends.
func ExtractSessionHeaders ¶ added in v0.8.0
ExtractSessionHeaders pulls auth headers from a login response.
func RunLoginMacro ¶ added in v0.8.0
func RunLoginMacro(cl *http.Client, m LoginMacro) ([]Header, error)
RunLoginMacro issues the recorded login request and returns session headers.
type LoginMacro ¶ added in v0.8.0
type LoginMacro struct {
Enabled bool `json:"enabled"`
Target string `json:"target"` // scheme://host[:port]
Request string `json:"request"` // raw HTTP request
RefreshSecs int `json:"refreshSecs"` // auto-refresh interval; 0 = manual / 401 only
ReauthOn401 bool `json:"reauthOn401"` // retry the original send once after re-login
}
LoginMacro records a login request. Running it extracts session credentials (Set-Cookie, Authorization) from the response and applies them to the global session headers. Optional TTL refresh and automatic re-auth on 401.
type Macro ¶ added in v0.7.0
type Macro struct {
Enabled bool `json:"enabled"`
Target string `json:"target"` // scheme://host[:port] for the refresh request
Request string `json:"request"` // raw HTTP request (request line + headers + optional body)
Extract string `json:"extract"` // regex with one capture group, run over the refresh RESPONSE
InjectMode string `json:"injectMode"` // "header" | "placeholder"
InjectName string `json:"injectName"` // header name, or the placeholder text to replace (e.g. §CSRF§)
}
Macro defines a token-refresh request whose response feeds a value into every subsequent send — for CSRF tokens that rotate per request, or to re-auth. The refresh request is sent with a plain client (never recorded, never recursive).
type Request ¶
type Request struct {
Method string
URL string
Headers map[string][]string
Body []byte
Flags int64 // e.g. store.FlagRepeater / store.FlagIntruder, OR'd onto the flow
Context context.Context // optional: cancel an in-flight send (e.g. an active-scan kill switch)
NoSession bool // skip the global session headers + token macro (authz replays carry their own identity)
// contains filtered or unexported fields
}
Request describes a request to send.
type Sender ¶
type Sender struct {
// contains filtered or unexported fields
}
Sender sends requests and persists them as flows.
func New ¶
New builds a Sender. The client does not follow redirects (each hop is its own flow, like Burp) and does not verify TLS — a security-testing tool routinely talks to targets with self-signed or invalid certificates.
func (*Sender) RunLoginMacroNow ¶ added in v0.8.0
RunLoginMacroNow runs the login macro immediately (API / manual re-auth).
func (*Sender) Send ¶
Send issues r, captures the response, and persists a flow. Transport-level failures are recorded as an errored flow (502) rather than returned as errors; only malformed input returns an error.
func (*Sender) SetLoginMacro ¶ added in v0.8.0
func (s *Sender) SetLoginMacro(m LoginMacro)
func (*Sender) SetMacro ¶ added in v0.7.0
SetMacro configures the token-refresh macro applied before each send.
func (*Sender) SetSession ¶
SetSession configures the session headers auto-applied to outgoing sends.
func (*Sender) SetSessionRefresh ¶ added in v0.8.0
SetSessionRefresh registers a callback invoked when a login macro produces new session headers (auto-refresh, manual run, or 401 re-auth).