Closes issue #349 (#356)

* fix version * Closes issue #349 Co-authored-by: firefart <firefart@gmail.com>
OJ · Oct 17, 2022 · 3df3778 · 3df3778
1 parent a27a1ab
commit 3df3778
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/cli/cmd/fuzz.go b/cli/cmd/fuzz.go
@@ -78,6 +78,11 @@ func parseFuzzOptions() (*libgobuster.Options, *gobusterfuzz.OptionsFuzz, error)
 		return nil, nil, fmt.Errorf("invalid value for excludelength: %w", err)
 	}
 
+	plugin.RequestBody, err = cmdFuzz.Flags().GetString("body")
+	if err != nil {
+		return nil, nil, fmt.Errorf("invalid value for body: %w", err)
+	}
+
 	return globalopts, plugin, nil
 }
 
@@ -94,6 +99,7 @@ func init() {
 	}
 	cmdFuzz.Flags().StringP("excludestatuscodes", "b", "", "Negative status codes (will override statuscodes if set)")
 	cmdFuzz.Flags().IntSlice("exclude-length", []int{}, "exclude the following content length (completely ignores the status). Supply multiple times to exclude multiple sizes.")
+	cmdFuzz.Flags().StringP("body", "B", "", "Request body")
 
 	cmdFuzz.PersistentPreRun = func(cmd *cobra.Command, args []string) {
 		configureGlobalOptions()

diff --git a/gobusterfuzz/gobusterfuzz.go b/gobusterfuzz/gobusterfuzz.go
@@ -86,6 +86,9 @@ func (d *GobusterFuzz) PreRun(ctx context.Context) error {
 // ProcessWord is the process implementation of gobusterfuzz
 func (d *GobusterFuzz) ProcessWord(ctx context.Context, word string, progress *libgobuster.Progress) error {
 	url := strings.ReplaceAll(d.options.URL, "FUZZ", word)
+	data := strings.ReplaceAll(d.options.RequestBody, "FUZZ", word)
+
+	buffer := strings.NewReader(data)
 
 	tries := 1
 	if d.options.RetryOnTimeout && d.options.RetryAttempts > 0 {
@@ -97,7 +100,7 @@ func (d *GobusterFuzz) ProcessWord(ctx context.Context, word string, progress *l
 	var size int64
 	for i := 1; i <= tries; i++ {
 		var err error
-		statusCode, size, _, _, err = d.http.Request(ctx, url, libgobuster.RequestOptions{})
+		statusCode, size, _, _, err = d.http.Request(ctx, url, libgobuster.RequestOptions{Body: buffer})
 		if err != nil {
 			// check if it's a timeout and if we should try again and try again
 			// otherwise the timeout error is raised

diff --git a/gobusterfuzz/options.go b/gobusterfuzz/options.go
@@ -10,6 +10,7 @@ type OptionsFuzz struct {
 	ExcludedStatusCodes       string
 	ExcludedStatusCodesParsed libgobuster.Set[int]
 	ExcludeLength             []int
+	RequestBody               string        
 }
 
 // NewOptionsFuzz returns a new initialized OptionsFuzz

diff --git a/libgobuster/version.go b/libgobuster/version.go
@@ -2,5 +2,5 @@ package libgobuster
 
 const (
 	// VERSION contains the current gobuster version
-	VERSION = "3.2.0-dev"
+	VERSION = "3.2.1"
 )