Offensive Thinking
Internet Thoughtcrime
New project: http2code
Posted: 2010-05-20
A new repository has been added to my github account: http2code.
It was inspired by w3af’s ability to export a raw request to a template source code file for different languages (as a matter of fact, I once wrote the Ruby export). The idea is simple: I have a raw HTTP GET or POST request, e.g. from my favourite HTTP (attack) proxy. Now quite often, I want to write a little script revolving around that request, for example for fuzzing. Previously, I always manually added the request’s content to some template code for the HTTP library du jour I hopefully still found lying around somewhere on my hard drive. Then, I started to adapt the code to my liking.
The whole “copy the raw request, insert it into source code template (if any) and reformat until it fits into what the HTTP library expects (like parsing the raw body of a POST into an associative array, for example)” is a rather dull and repetitive task better done by a script. w3af already does it quite nicely, but I wanted a simple command line tool for this.
So I wrote http2code:
Usage: http2code [options]
-n, --newlines Use \n as line delimiter when parsing the
POST request instead of \r\n
-t, --template TEMPLATE Use template TEMPLATE
-b, --header-blacklist Use header blacklist to automatically
remove common headers not needed
-h, --help Show this help
Available Templates:
--------------------
typhoeus.rb
It takes a raw request from stdin and parses it into JSON data structures for headers, body and the first line containing the HTTP verb and URL. If you supply a template name, it’ll just put the JSON data into the template where some placeholders are defined. Then it writes the result to stdout. Pretty simple, but it saves me a lot of time. You will still have to manually adapt the code though, it may not work right out of the box.
At the moment there’s only a typhoeus template, I plan on adding them as I need / write them.