Great tool!
But there are a lot of false positives for unauthorized access, as in the two screenshots below:
Many APIs return messages like "success:false" or "No such operation", and the tool wrongly judges them as unauthorized access.
Suggestions:
1: Filter by HTTP status code, e.g. 500, 401, 403.
2: Filter by keyword, e.g. false, error, exception.
3: Add optional authorization parameters, e.g. --token/--cookie, and filter by comparing the response content of an API requested with and without authorization.
Also, a "negative" keyword filter could be added, i.e. if a certain keyword appears in the response, that response is filtered out and not displayed. For example, requesting an endpoint directly responds with: {"status": -3, "message": "\u83b7\u53d6\u6570\u636e\u5931\u8d25"} and I would like to use \u83b7\u53d6\u6570\u636e\u5931\u8d25 to filter out a large batch of endpoints. This feature could be implemented in the HTML or added as a parameter; I suggest implementing it in the HTML.
The HTML can list identical responses. Responses that require authentication are actually all the same; sorted by response length, you can quickly work out which endpoints genuinely allow unauthorized access.
This feature has been implemented: 3b86f52
1: Filter by HTTP status code, e.g. 500, 401, 403. 3: Add optional authorization parameters, e.g. --token/--cookie, and filter by comparing the response content of an API requested with and without authorization.
Features 1 and 3 already exist; see the documentation. Thanks for your support! We will keep improving.
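As an added example (not code from the tool or from anyone in this thread), the following Python script shows the triage logic discussed above applied to a constructed set of scan results: the status-code and keyword filters from the issue, the "negative" keyword filter from the follow-up comment, the with/without-token comparison, and the maintainer's grouping of identical responses by length. The endpoint paths, response bodies and the authenticated baseline are all made up for the example.

```python
"""Triage of raw 'unauthorized access' scanner results (added example).

Implements the false-positive filters proposed in the issue thread over
constructed sample data; nothing here is the tool's own code.
"""
import json
from collections import defaultdict

# Constructed sample data: responses to unauthenticated requests,
# as (endpoint, HTTP status, raw body).
UNAUTH = [
    ("/api/user/list",     200, '{"success":false,"msg":"login required"}'),
    ("/api/user/detail",   200, '{"success":false,"msg":"login required"}'),
    ("/api/order/detail",  200, '{"status": -3, "message": "\\u83b7\\u53d6\\u6570\\u636e\\u5931\\u8d25"}'),
    ("/api/soap",          500, "No such operation"),
    ("/api/admin",         403, "forbidden"),
    ("/api/profile",       200, '{"code":1,"msg":"please sign in"}'),
    ("/api/public/config", 200, '{"success":true,"data":{"version":"1.2"}}'),
    ("/api/report/export", 200, '{"success":true,"data":[{"id":1,"name":"q1"}]}'),
]

# Constructed baseline: the same endpoints fetched with a valid token
# (the --token/--cookie idea), endpoint -> (status, body).
AUTHED = {
    "/api/user/list":     (200, '{"success":true,"data":[{"id":7}]}'),
    "/api/user/detail":   (200, '{"success":true,"data":{"id":7}}'),
    "/api/order/detail":  (200, '{"status": 0, "data": {"id": 42}}'),
    "/api/soap":          (500, "No such operation"),
    "/api/admin":         (200, '{"success":true}'),
    "/api/profile":       (200, '{"code":0,"data":{"email":"a@example.com"}}'),
    "/api/public/config": (200, '{"success":true,"data":{"version":"1.2"}}'),
    "/api/report/export": (200, '{"success":true,"data":[{"id":1,"name":"q1"}]}'),
}

DROP_STATUS = {401, 403, 500}                    # suggestion 1: status codes
DROP_KEYWORDS = ["false", "error", "exception"]  # suggestion 2: keywords
# "Negative" keyword from the follow-up comment, in the escaped form in
# which it appears in the raw JSON body.
DROP_KEYWORDS.append("\\u83b7\\u53d6\\u6570\\u636e\\u5931\\u8d25")


def body_views(body):
    """Raw body plus, when it parses as JSON, the same body re-serialised
    with \\uXXXX escapes decoded, so a keyword matches whether it is given
    in escaped or unescaped form."""
    views = [body]
    try:
        views.append(json.dumps(json.loads(body), ensure_ascii=False))
    except ValueError:
        pass  # not JSON: only the raw view is searched
    return views


def false_positive_reason(endpoint, status, body, authed=AUTHED):
    """Return why a result is a likely false positive, or None to keep it."""
    if status in DROP_STATUS:
        return f"status {status}"
    lowered = [v.lower() for v in body_views(body)]
    for kw in DROP_KEYWORDS:
        if any(kw.lower() in v for v in lowered):
            return f"keyword {kw!r}"
    # Suggestion 3: if the endpoint answers differently with a token, the
    # unauthenticated call was rejected; identical answers mean the data is
    # reachable without credentials and the result is worth a look.
    baseline = authed.get(endpoint)
    if baseline is not None and baseline != (status, body):
        return "differs from authenticated response"
    return None


def triage(unauth=UNAUTH, authed=AUTHED):
    """Split results into kept endpoints and {endpoint: drop reason}."""
    kept, dropped = [], {}
    for endpoint, status, body in unauth:
        reason = false_positive_reason(endpoint, status, body, authed)
        if reason:
            dropped[endpoint] = reason
        else:
            kept.append(endpoint)
    return kept, dropped


def group_identical(unauth=UNAUTH):
    """Maintainer's view: bucket identical (status, body) responses and sort
    by body length; the big 'needs login' buckets stand out immediately."""
    groups = defaultdict(list)
    for endpoint, status, body in unauth:
        groups[(status, body)].append(endpoint)
    return sorted(((len(b), s, b, eps) for (s, b), eps in groups.items()),
                  key=lambda g: (g[0], g[2]))


if __name__ == "__main__":
    kept, dropped = triage()
    print("kept:", kept)
    for ep, why in dropped.items():
        print(f"dropped {ep}: {why}")
    for length, status, body, eps in group_identical():
        print(f"{length:4d} {status} {len(eps)}x {body[:40]!r} {eps}")
```

Run as a script it prints the surviving endpoints, the reason each other one was dropped, and the response buckets ordered by length. The comparison filter is the most reliable of the three when a valid credential is available, because it is derived from the target's own behaviour rather than from a guessed keyword list.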