Fix -t priority when request file is used

Sh1Yo · May 22, 2023 · d141bb6 · d141bb6
1 parent 158648f
commit d141bb6
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 16 deletions.
diff --git a/src/config/args.rs b/src/config/args.rs
@@ -373,6 +373,19 @@ Increase the amount of workers to remove the error or use --force.")?;
         None => String::new(),
     };
 
+    let data_type  = match args.value_of("data-type") { 
+        Some(val) => {
+            if val == "json" {
+                Some(DataType::Json)
+            } else if val == "urlencoded" {
+                Some(DataType::Urlencoded)
+            } else {
+                Err("Incorrect --data-type specified")?
+            }
+        }
+        None => None
+    };
+
     // parse the default request information
     // either via the request file or via provided parameters
     let (methods, urls, headers, body, data_type, http_version) = if !request.is_empty() {
@@ -390,7 +403,7 @@ Increase the amount of workers to remove the error or use --force.")?;
             None
         };
 
-        parse_request(&request, &scheme, port, args.value_of("split-by"))?
+        parse_request(&request, &scheme, port, data_type, args.value_of("split-by"))?
     } else {
         // parse everything from user-supplied command line arguments
         let methods = if args.is_present("method") {
@@ -432,18 +445,14 @@ Increase the amount of workers to remove the error or use --force.")?;
         };
 
         // TODO replace with ".parse()" or sth like it
-        let data_type = match args.value_of("data-type") {
+        let data_type = match data_type {
             Some(val) => {
-                if val == "json" {
-                    Some(DataType::Json)
-                } else if val == "urlencoded" {
-                    Some(DataType::Urlencoded)
-                } else {
-                    Err("Incorrect --data-type specified")?
-                }
+                Some(val)
             }
             None => if headers.get_value_case_insensitive("content-type") == Some("application/json".to_string()) {
                 Some(DataType::ProbablyJson)
+            } else if   headers.get_value_case_insensitive("content-type") == Some("application/x-www-form-urlencoded".to_string()) {
+                Some(DataType::ProbablyUrlencoded)
             } else {
                 None
             },

diff --git a/src/config/utils.rs b/src/config/utils.rs
@@ -25,6 +25,7 @@ pub(super) fn parse_request<'a>(
     request: &'a str,
     scheme: &str,
     port: Option<u16>,
+    mut data_type: Option<DataType>,
     split_by: Option<&str>,
 ) -> Result<
     (
@@ -47,7 +48,6 @@ pub(super) fn parse_request<'a>(
     };
     let mut lines = lines.iter();
 
-    let mut data_type: Option<DataType> = None;
     let mut headers: Vec<(String, String)> = Vec::new();
     let mut host = String::new();
 
@@ -82,10 +82,10 @@ pub(super) fn parse_request<'a>(
 
         match key.to_lowercase().as_str() {
             "content-type" => {
-                if value.contains("json") {
+                if value.contains("json") && data_type.is_none() {
                     data_type = Some(DataType::ProbablyJson)
-                } else if value.contains("urlencoded") {
-                    data_type = Some(DataType::Urlencoded)
+                } else if value.contains("urlencoded") && data_type.is_none() {
+                    data_type = Some(DataType::ProbablyUrlencoded)
                 }
             }
             "host" => {

diff --git a/src/network/request.rs b/src/network/request.rs
@@ -469,12 +469,18 @@ impl<'a> RequestDefaults {
             }
         }
 
-        let data_type = if data_type != Some(DataType::ProbablyJson) {
+        let data_type = if data_type != Some(DataType::ProbablyJson) 
+        && data_type != Some(DataType::ProbablyUrlencoded) {
             data_type
+
         // explained in DataType enum comments
         // tl.dr. data_type was taken from a parsed request's content-type so we are not 100% sure what did a user mean
         } else if injection_place == InjectionPlace::Body {
-            Some(DataType::Json)
+            match data_type {
+                Some(DataType::ProbablyJson) => Some(DataType::Json),
+                Some(DataType::ProbablyUrlencoded) => Some(DataType::Urlencoded),
+                _ => unreachable!()
+            }
         } else if injection_place == InjectionPlace::Path {
             Some(DataType::Urlencoded)
         } else {

diff --git a/src/network/utils.rs b/src/network/utils.rs
@@ -32,13 +32,18 @@ pub enum DataType {
     /// we need a different data type for json because some json values can be used without quotes (numbers, booleans, ..)
     /// and therefore this type should be treated differently
     Json,
-    Urlencoded,
 
     /// that's from parsed request's content-type header
     /// needs to be ignored in case the injection points not within the body
     /// to exclude false positive /?{"ZXxZPLN":"ons9XDZ", ..} or Cookie: {"ZXxZPLN":"ons9XDZ", ..} queries
     // it still can be bypassed with the correct --data-type argument
     ProbablyJson,
+
+    Urlencoded,
+
+    /// the same as for ProbablyJson 
+    ProbablyUrlencoded,
+
     Headers
 }