Module: Basic Auth #1143
Replies: 1 comment 1 reply
-
|
Just thinking about this module wouldn't it be an idea if it was built into the request helper (and httpx)? Therefore other modules that use the request helper wouldn't have to be modified. If the request helper runs into a 401 it could bruteforce the endpoint with a wordlist and save any valid credentials against the domain within the helper module offloading the logic from each individual module |
Beta Was this translation helpful? Give feedback.
-
|
This is a good idea, although currently we don't have a system to implement it cleanly. In the current system, the way to do it would be to consume URLs with the
With BBOT 2.0, we might have a better way to do this with module hooks. We might also replace projectdiscovery's httpx with a native python thing similar to what we're doing with dns, which would let us visit URLs individually instead of in batches. |
Beta Was this translation helpful? Give feedback.
-
Courtesy of @j3tj3rk, it would be cool to have a module that tried common creds (admin/admin, etc.) against all the 401 pages.
Beta Was this translation helpful? Give feedback.
All reactions