Skip to content

Releases: Sh1Yo/x8

v4.3.0

22 May 06:19
Compare
Choose a tag to compare
  • Improved template guessing;
  • Fixed file saving;
  • Default behavior for PATCH and DELETE methods changed. By default parameters are send via body now;
  • Replaced "not reflected one" with "changes reflections" text message;
  • Small other fixes;

v4.2.2

24 Mar 02:29
adb0b93
Compare
Choose a tag to compare
  • Improve binary data handling;
  • Fix double curly brackets in request json body that arise is some cases;

v4.2.0

07 Feb 00:00
Compare
Choose a tag to compare
  • Optimization has been greatly improved;
  • Improved the max amount of parameters per request detection;
  • Added --disable-trustdns option that can solve some dns issues;
  • Fixed rare false positives with reflected parameters;
  • Fixed --replay-proxy option;
  • Other small fixes;

v4.1.0

05 Dec 14:33
Compare
Choose a tag to compare
  • Fixed --test option.
  • Added --port option for request files.
  • Added -B option that equals -x http://localhost:8080.
  • Added linux binary with openssl v3 x86_64-linux-x8.tar.gz. The openssl v1 version is still supported x86_64-opensslv1-linux-x8.gz, but soon will be removed.
  • Fixed bug when --headers option worked wrong with POST methods.
  • Content-Type headers are now automatically added with --headers option when a body is specified.

v4.0.0

13 Nov 13:57
Compare
Choose a tag to compare

A lot of things were reworked. You can check the documentation here

v3.4.0

24 Jul 16:39
Compare
Choose a tag to compare
  • Improved --save-responses argument. It's now saves one request/response message per found parameter.
  • Added support of reading wordlists from stdin. (thanks to @amiremohamadi).
  • Small bugfixes.

v3.3.1

29 Apr 18:27
Compare
Choose a tag to compare
  • Error messages are user friendly again.
  • Fixed the bug when it was possible to run the tool without specifying the target.

v3.3.0

28 Apr 19:53
Compare
Choose a tag to compare
  • Fixed header discovery mode with http2 protocol.
  • Fixed rare logic bug related to the detection of reflected parameters.
  • http2 is used by default now.
  • Added ARM precompiled binary.

v3.2.1

31 Jan 19:48
Compare
Choose a tag to compare
  • Fix detection of reflected parameters;

v3.2.0

23 Jan 12:59
Compare
Choose a tag to compare
  • Added --reflected-only option to search only for reflected parameters;
  • Added --append option to not overwrite the output file;
  • Improved the detection of reflected parameters. Now it is case-insensitive:
    • The charset of the random values was changed. Now it doesn't contain uppercase characters;
    • The default size of parameter values was increased to 7 characters (was 5);
  • Added first stats:
    • If verbosity > 0 the tool will print the amount of made requests;
    • JSON output was changed;