Skip to content

Latest commit

 

History

History
61 lines (58 loc) · 2.66 KB

notes.org

File metadata and controls

61 lines (58 loc) · 2.66 KB
Raw

create a “header” and “cookie” object with “render” and “devour” methods

should __repr__ and __iter__ as a list, in order based on the __seq__ field

should have __contains__ that checks header names

e.g.: “Content-Length” in headers

should be possible to access as a dictionary

should have “add” “set” (add or update) and “delete” methods to add, update, or delete keys

parent should have a way to use “replace” on headers and cookies

should probably have a simple content object that’s just a dict with a different __repr__

add error handling for “puke” method so things are validated going out

error handling modes should be..

“default” validate going out, raise exception when wrong

“force” do exactly what I say no matter what

“fix” transparently fix any incorrect values where possible

puke mode should be configurable on init….somehow…

general notes

change package layout

harpy

__init__.py

har.py

utils/

<utils>

objects will be able to be instantiated in different ways but will all return either a har request or har response object

har should be able to create a har object from a har file, har stream, a http file, or http stream

har objects will be able to

req and har parser notes

use HTTPMessage for parsing all headers <- FIX!!!! is callous to case

have “replace” and “replace_update” that updates things like content-length

find a better way to set headers… maybe a method of request??

_sequence is not required, but MUST be exposed IF multiple requests are to be parsed

extra notes

all tied together called Cthulhu Web Destroyer (cwd)

vipe <- use for editing on pipes

replay a request from a har and check response for

matching a regex

% match to a previous response

export from burp repeater to har

use metadata (comment) to tie HAR to test plan

comment in request for test item

comment in response for test outcome

create interface for controlling metadata

example

cat | socat tcp4-l:9999,fork,reuseaddr system:’0>&3 cat& cat 1>&4’,fdin=3,fdout=4 | cat

cat tmpfifo | socat PIPE:tmpfifo2 - | socat tcp4-l:9995,fork,reuseaddr - | socat PIPE:tmpfifo - & cat tmpfifo > tmpfifo2

CFP

give use cases

use cases 1 complex searches with multiple params

use cases 2 quick sitemap

fuzz and give me the most different

record login & make into a function

use a live session (perhaps selenium)

easy multiple search in one line

use soup to parse response to get something specific easily and sequence

draw flow chart

explain IPC mechanisms

pipe

black boxes: Filter, Requestor, Proxy Listener

shell plugin