This is a simple module for modifying and/or repeatedly executing cURL requests.
cURL requests can be repeated quickly by making use of parallel processing.
Additionally, this module can be useful for security testing. You can dynamically replace a substring in the request with, for example, XSS vectors written in a pre-defined text file. These modified requests will also be executed.
Call the execute_repeated_request function with a valid cURL request and a desired n number of repeats. By default, this function works in parallel. If this causes problems for your machine, a False flag can be passed to disable it.
Due to the lack of pickling in Windows, if you want to repeat requests in parallel you have to call the function in your script as follows:
import curl_modifier
if __name__ == '__main__':
curl_modifier.execute_repeated_request(curl_request, n)One use case of this script is to check if attack vectors, in this example XSS, can be reflected/persisted on a website (assuming you have authority to execute penetration tests). A POST example for placing a comment on a forum may look like this:
curl "{HTTPS_URL}" -H "foo: bar" "cookie: foo=bar" --data "comment=REPLACE_THIS"
In this case, you want to pass this request to the execute_requests_with_file_substrings function and replace a given string (in this case REPLACE_THIS) with many different vectors. This function requires you to pass a full path to a .txt file with separated lines, like this:
<script>alert('XSS Vector 1')</script>
<IMG SRC=x onerror="alert('XSS Vector 2')">Each of these lines will replace the specified substring and these modified requests will all be executed. After the job has finished, you can visit the website you are testing and assert whether any XSS is reflected and/or if the inputs are sanitised in any way.
pip install curl-modifier