Support for more curl opts (-i, --data-ascii/-binary, -b/--cookie) (#38)

* added -data-ascii and -data-binary for curl compatibility * README update * README update regarding -i and -cookie * README update on -data-ascii and -data-binary
ffuf · Jun 26, 2019 · cb37501 · cb37501
1 parent 0210d42
commit cb37501
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -1,16 +1,16 @@
 ```
-        /'___\  /'___\           /'___\       
-       /\ \__/ /\ \__/  __  __  /\ \__/       
-       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\      
-        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/      
-         \ \_\   \ \_\  \ \____/  \ \_\       
-          \/_/    \/_/   \/___/    \/_/       
+        /'___\  /'___\           /'___\
+       /\ \__/ /\ \__/  __  __  /\ \__/
+       \ \ ,__\\ \ ,__\/\ \/\ \ \ \ ,__\
+        \ \ \_/ \ \ \_/\ \ \_\ \ \ \ \_/
+         \ \_\   \ \_\  \ \____/  \ \_\
+          \/_/    \/_/   \/___/    \/_/
 ```
 
 
 # ffuf - Fuzz Faster U Fool
 
-A fast web fuzzer written in Go. 
+A fast web fuzzer written in Go.
 
 Heavily inspired by the great projects [gobuster](https://github.com/OJ/gobuster) and [wfuzz](https://github.com/xmendez/wfuzz).
 
@@ -101,11 +101,22 @@ To define the test case for ffuf, use the keyword `FUZZ` anywhere in the URL (`-
     	HTTP method to use (default "GET")
   -ac
     	Automatically calibrate filtering options
+  -i
+      Dummy flag for copy as curl functionality (ignored)
+  -b "NAME1=VALUE1; NAME2=VALUE2"
+    	Cookie data "NAME1=VALUE1; NAME2=VALUE2" for copy as curl functionality.
+    	Results unpredictable when combined with -H "Cookie: ..."
+  -cookie
+      Cookie data (alias of -b)
   -c	Colorize output.
   -compressed
     	Dummy flag for copy as curl functionality (ignored) (default true)
   -d string
     	POST data
+  -data-ascii
+      POST data (alias of -d)
+  -data-binary
+      POST data (alias of -d)
   -data string
     	POST data (alias of -d)
   -e string
@@ -172,13 +183,15 @@ The only dependency of ffuf is Go 1.11. No dependencies outside of Go standard l
 - master
    - New
    - Changed
+      - New CLI flag: -i, dummy flag that does nothing. for compatibility with copy as curl.
+      - New CLI flag: -b/--cookie, cookie data for compatibility with copy as curl.
 
 - v0.10
    - New
       - New CLI flag: -ac to autocalibrate response size and word filters based on few preset URLs.
       - New CLI flag: -timeout to specify custom timeouts for all HTTP requests.
       - New CLI flag: --data for compatibility with copy as curl functionality of browsers.
-      - New CLI flag: --compress, dummy flag that does nothing. for compatibility with copy as curl.
+      - New CLI flag: --compressed, dummy flag that does nothing. for compatibility with copy as curl.
       - New CLI flags: --input-cmd, and --input-num to handle input generation using external commands. Mutators for example. Environment variable FFUF_NUM will be updated on every call of the command.
       - When --input-cmd is used, display position instead of the payload in results. The output file (of all formats) will include the payload in addition to the position however.
 

diff --git a/main.go b/main.go
@@ -31,6 +31,7 @@ type cliOptions struct {
 	proxyURL      string
 	outputFormat  string
 	headers       multiStringFlag
+	cookies       multiStringFlag
 	showVersion   bool
 }
 
@@ -64,10 +65,15 @@ func main() {
 	flag.StringVar(&opts.filterWords, "fw", "", "Filter by amount of words in response")
 	flag.StringVar(&conf.Data, "d", "", "POST data")
 	flag.StringVar(&conf.Data, "data", "", "POST data (alias of -d)")
+	flag.StringVar(&conf.Data, "data-ascii", "", "POST data (alias of -d)")
+	flag.StringVar(&conf.Data, "data-binary", "", "POST data (alias of -d)")
 	flag.BoolVar(&conf.Colors, "c", false, "Colorize output.")
 	flag.BoolVar(&ignored, "compressed", true, "Dummy flag for copy as curl functionality (ignored)")
 	flag.StringVar(&conf.InputCommand, "input-cmd", "", "Command producing the input. --input-num is required when using this input method. Overrides -w.")
 	flag.IntVar(&conf.InputNum, "input-num", 100, "Number of inputs to test. Used in conjunction with --input-cmd.")
+	flag.BoolVar(&ignored, "i", true, "Dummy flag for copy as curl functionality (ignored)")
+	flag.Var(&opts.cookies, "b", "Cookie data `\"NAME1=VALUE1; NAME2=VALUE2\"` for copy as curl functionality.\nResults unpredictable when combined with -H \"Cookie: ...\"")
+	flag.Var(&opts.cookies, "cookie", "Cookie data (alias of -b)")
 	flag.StringVar(&opts.matcherStatus, "mc", "200,204,301,302,307,401,403", "Match HTTP status codes from respose, use \"all\" to match every response code.")
 	flag.StringVar(&opts.matcherSize, "ms", "", "Match HTTP response size")
 	flag.StringVar(&opts.matcherRegexp, "mr", "", "Match regexp")
@@ -206,6 +212,10 @@ func prepareConfig(parseOpts *cliOptions, conf *ffuf.Config) error {
 		conf.Extensions = extensions
 	}
 
+	// Convert cookies to a header
+	if len(parseOpts.cookies) > 0 {
+		parseOpts.headers.Set("Cookie: " + strings.Join(parseOpts.cookies, "; "))
+	}
 	//Prepare headers
 	for _, v := range parseOpts.headers {
 		hs := strings.SplitN(v, ":", 2)