Support body data in POST requests

[fsaintjacques]

It is quite common to pass data via body in POST requests nowadays, having a -d flag à-la curl would be really useful :). As a remeinder, -d works in 2 ways:

• direct mode -d'my custom embedded data'
• file mode -d@path_where_my_data_is.json

[shekyan]

Sure, this is something to consider. Do you expect the data be slowly served as well e.g. for slow POST, or enable this for only slow read type of attacks?
I can see it be useful for slow read, where a specific body data can trigger a special handling path, but don't see a benefit of slowly serving specific data. But who knows..

[fsaintjacques]

In our specific case, we want slow read on the response body. The body of the request is used such that the server doesn't answer back a 5xx.

Specifically, we want to see how timeouts configuration in our server behaves with clients that slowly slurp response body.

[tchelidze]

Any updates ?

[joknoxy]

I can see another practical use-case here - if the server has added a WAF mitigation that looks for signs of non-legitimate request bodies and blocking those, then this feature could be used to test around that.