Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[bug] not working with --only-custom-payload flag #344

Closed
normface opened this issue Jan 21, 2022 · 4 comments
Closed

[bug] not working with --only-custom-payload flag #344

normface opened this issue Jan 21, 2022 · 4 comments
Assignees
@hahwul
Labels
bug Something isn't working question Further information is requested
Milestone
v2.7.1

Comments

@normface
Copy link

normface commented Jan 21, 2022
edited
Loading

Question

Thanks for great tool. How can i use my custom payload file? I tried the below commands but it didn't work. There is no any requests wity my payloads, i check with Burpsuite. Is it bug?

dalfox file target.txt --only-custom-payload --custom-payload ./payloads.txt --skip-bav --skip-mining-all --proxy http://127.0.0.1:8080
/root/go/bin/dalfox file target.txt --custom-payload ./payloads.txt --skip-bav --skip-mining-all --proxy http://127.0.0.1:8080

target.txt

http://testphp.vulnweb.com/search.php?test=query
http://testphp.vulnweb.com/listproducts.php?cat=

payloads.txt
<script>alert(document.domain)</script>

dalfoxOutput

BurpOutput

Environment

  • Dalfox Version: v2.7.0
  • Installed : go install github.com/hahwul/dalfox/v2@latest
@normface normface added the question Further information is requested label Jan 21, 2022
@hahwul
Copy link
Owner

hahwul commented Feb 5, 2022

Hi @normface
Thank you for submit issue!
First, when I checked, there seems to be a problem with --only-custom-payload. I'll check this out!

with

$ dalfox file target.txt --only-custom-payload --custom-payload ./payloads.txt \
--skip-bav --proxy http://localhost:8090

without

$ dalfox file target.txt --custom-payload ./payloads.txt \
--skip-bav --proxy http://localhost:8090

스크린샷 2022-02-05 오후 12 22 22
스크린샷 2022-02-05 오후 12 22 28

@hahwul hahwul added the bug Something isn't working label Feb 5, 2022
@hahwul hahwul self-assigned this Feb 5, 2022
@hahwul hahwul modified the milestones: v2.7.0, v2.7.1 Feb 5, 2022
@hahwul hahwul changed the title How can i use custom payload file? not working with --only-custom-payload flag Feb 5, 2022
@hahwul hahwul changed the title not working with --only-custom-payload flag [bug] not working with --only-custom-payload flag Feb 5, 2022
hahwul added a commit that referenced this issue Feb 12, 2022
@hahwul
(#344) Fixed --only-custom-payload bug
872067f
@hahwul
Copy link
Owner

hahwul commented Feb 12, 2022

@normface
Hi, I fixed this issue :D
It will be apply in v2.7.1 release

Test

// payloads.txt
hahwul

스크린샷 2022-02-12 오후 10 17 41

@hahwul hahwul closed this as completed Feb 12, 2022
@hahwul
Copy link
Owner

hahwul commented Feb 12, 2022

v2.7.1 release note 🚀
Please refer to the document below for how to update!

https://dalfox.hahwul.com/docs/update/

@normface
Copy link
Author

Thank you =)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@hahwul hahwul

Labels
bug Something isn't working question Further information is requested
Projects
None yet
Milestone
v2.7.1
Development

No branches or pull requests
2 participants
@hahwul @normface