Feature Request: Inject Headers #3

Open
dptsec opened this issue Apr 6, 2020 · 1 comment

dptsec commented Apr 6, 2020

It may be useful to be able to inject headers on a rule basis in addition to specifying them on the command line. This would allow us to test rules like the following using the already built-in functionality for response matching:

    CORSDetection:
      description: CORS misconfiguration
      injectHeader:
        - "Origin: test.com"
      expectation:
        responseHeaders:
          - Access-Control-Allow-Origin: test.com

This could also be extended to further tests such as X-Host, X-Forwarded-Host, X-Forwarded-Server being reflected in the response, or Host header SSRFs.

The benefit to having this feature as a rule instead of setting a blanket header for every request is that some hosts and endpoints may respond badly to them.
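The per-rule check proposed above, sketched as an added example (not part of the original comment and not the project's code): the rule is held as a dict with the field names from the issue, and `run_rule`, `serve`, `demo` and the two local test servers are hypothetical names and constructed fixtures.

```python
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer
# Rule from the issue, as a dict (field names as proposed there).
RULE = {
    "description": "CORS misconfiguration",
    "injectHeader": ["Origin: test.com"],
    "expectation": {"responseHeaders": [{"Access-Control-Allow-Origin": "test.com"}]},
}

def run_rule(url, rule, timeout=5):
    """Send one GET carrying the rule's headers; True if all expected headers match."""
    req = urllib.request.Request(url)
    for line in rule.get("injectHeader", []):
        name, _, value = line.partition(":")
        req.add_header(name.strip(), value.strip())
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # no env proxies
    with opener.open(req, timeout=timeout) as resp:
        got = resp.headers  # header lookup is case-insensitive
    return all(got.get(name) == value
               for exp in rule["expectation"]["responseHeaders"] for name, value in exp.items())

def serve(acao_for):
    """Constructed local test server; acao_for maps the request Origin to an ACAO value."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            self.send_response(200)
            acao = acao_for(self.headers.get("Origin"))
            if acao:
                self.send_header("Access-Control-Allow-Origin", acao)
            self.send_header("Content-Length", "0")
            self.end_headers()
        def log_message(self, *args):  # keep the demo quiet
            pass
    srv = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_port}/"

def demo():
    reflecting, bad_url = serve(lambda origin: origin)  # echoes any Origin back
    fixed, ok_url = serve(lambda o: o if o == "https://app.example" else None)  # constructed allowlist
    try:
        return run_rule(bad_url, RULE), run_rule(ok_url, RULE)
    finally:
        reflecting.shutdown(); fixed.shutdown()

if __name__ == "__main__":
    print(demo())
```

Because the header travels only with this rule's request, endpoints covered by other rules never see the injected `Origin`.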

ameenmaali (Owner) commented Apr 7, 2020

Thanks for the suggestion @movsxd. I've considered this a bunch so far, and will think about how/if we can do this. Basically, the tool was built specifically for query string injections, and while it could migrate more broadly, I'm not sure if that's the best direction to take as there are other tools out there focused on more broad scanning. Either way, appreciate it and I'll think a bit about this.
