Going through URLs with different protocols and paths.



  • Hello guys!
    I want to go through a URL wordlist with different protocols and paths I already have a list of, something like this:
    paths = ["http", "https"]
    paths = ["path1", "path2", "path3" ...]
    So the requested URL should be like this: <PROTOCOL>://<URL>/<PATH>/
    Another point the HIT should be saved with this variables as well.
    Is it possible? even with using loli script?
    Thanks.


  • Admin

    OpenBullet works best with a pre-generated wordlist so you should use a small python script to write all the combinations in a file, one per line, for example

    http|path1
    http|path2
    ...
    https|path1
    https|path2
    

    and finally you can split using a custom wordlist type in your environment.ini file

    [WLTYPE]
    Name=ProtoPath
    Regex=^.*$
    Verify=True
    Separator=|
    Slices=PROTOCOL,PATH
    

    You can use those variables exactly like you said in your example.
    Then you can just put the URL as an input field of the config, so when the config starts you can select a domain and it will apply the desired format to that specific domain so you don't have to hardcode the URL in the config.



  • @Ruri Thank you !



  • @Ruri Hello again,
    after trying to implement your solution I found that there might be a misunderstanding on my question,
    The URL should be coming from a wordlist, so it's not a specific pre-known URL.
    Your solution would be perfect if I can add multiple wordlist on the same runner and looping over the Proto Paths on each URL, but I think I can't do that (correct me if I'm wrong).


  • Admin

    Oh alright, but be aware that if you want a separate hit for each path on a same URL, you can't achieve this if you don't make a custom wordlist.
    If you don't care (and for example you want to build a list of valid paths for a given URL) then you should make a loop in loliscript that goes over a list of given paths and protocols. You can find guides on that on the forum.



  • @Ruri Thanks for your fast replies and your help as well (really appreciate it )!
    The URL list is huge like in millions so generating a new list would be time consuming,
    also it's less efficient since I'll be going through different path/proto of the same URL I already found a hit on it... I'll keep it as backup plan but I wanna go smart.
    FOR loop would be good way to go but I'm not familiar with loli script syntax I also couldn't find any documentation for it.
    Thanks again.


  • Admin

    There's no FOR loop, just WHILE loop.
    Alternatively, you can wait for OB2 which will support raw C# instructions mixed with blocks so you can do for, foreach etc. with the standard C# syntax.



  • Hello whoever seeing this, after couple coffees I found a solution so if anyone is interested:

    SET VAR "TOSPLIT" "path1/, path2/, path3/, ..."
    
    UTILITY Variable "TOSPLIT" Split "," -> VAR "PATHS" 
    
    UTILITY List "PATHS" Length -> VAR "LEN" 
    
    SET VAR "PROTOCOL" "http"
    
    #START
    SET VAR "INDEX" "0"
    WHILE "<INDEX>" LessThan "<LEN>"
    
    --- DO YOUR MAGIC HERE ---
    
    IF "<STATUS>" EqualTo "SUCCESS"
    JUMP #END
    ENDIF
    
    FUNCTION Compute "<INDEX>+1" -> VAR "INDEX" 
    
    ENDWHILE
    
    IF "<PROTOCOL>" EqualTo "http"
    SET VAR "PROTOCOL" "https"
    JUMP #START
    ENDIF
    
    SET STATUS FAIL
    
    #END
    

Log in to reply