You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently we make assumptions about web servers being attacked and have some global flags that apply and make those assumptions. This isn't always the case nor wanted behavior. Instead, we should put a check on the config.Protocol that will apply a set of flags/behaviors based on the target. That way, we can provide protocol specific flags and settings, as well as suppress framework messages that are irrelevant to the exploit (my IPv6 windows fragmentation PoC shouldn't be printing the HTTP user agent).
In addition, this should also let us do things like adding HTTP protocol specific flags for missing vhost or path/rootpath flags.
Currently we make assumptions about web servers being attacked and have some global flags that apply and make those assumptions. This isn't always the case nor wanted behavior. Instead, we should put a check on the
config.Protocol
that will apply a set of flags/behaviors based on the target. That way, we can provide protocol specific flags and settings, as well as suppress framework messages that are irrelevant to the exploit (my IPv6 windows fragmentation PoC shouldn't be printing the HTTP user agent).In addition, this should also let us do things like adding HTTP protocol specific flags for missing
vhost
orpath
/rootpath
flags.See #180 (comment)
The text was updated successfully, but these errors were encountered: