Request/Response DSL Signatures #196
wdahlenburg
started this conversation in
Ideas
Replies: 1 comment 1 reply
-
@ehsandeep I know this is an older one, but is there an update on this idea? Thanks! |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
The current proxify behavior allows for a string to be supplied for a request-dsl and response-dsl. For starters, it would be nice to support multiple DSLs to match against.
The proxify config file would be a good place to define multiple matchers if support was added for them.
I'm not sure how expensive each additional matcher is per request/response, but I think the idea of maintaining a set of signatures would be pretty cool. I've always wanted a proxy to be able to match on requests or responses containing secrets, rather than having to store all requests to disk and then searching them manually after the fact.
Having signatures on a proxy would be pretty neat as the signatures can be URI independent, compared to how some of the templates work today with nuclei (Request clustering definitely helps there, but what about the same patterns on non-default paths?). I envision it as a passive way to find credentials and tokens while browsing through websites as it's really simple to add proxify as or with an upstream proxy.
Beta Was this translation helpful? Give feedback.
All reactions