Going through URLs with different protocols and paths.

  • Hello guys!
    I want to go through a URL wordlist with different protocols and paths I already have a list of, something like this:
    paths = ["http", "https"]
    paths = ["path1", "path2", "path3" ...]
    So the requested URL should be like this: <PROTOCOL>://<URL>/<PATH>/
    Another point the HIT should be saved with this variables as well.
    Is it possible? even with using loli script?

  • Admin

    OpenBullet works best with a pre-generated wordlist so you should use a small python script to write all the combinations in a file, one per line, for example


    and finally you can split using a custom wordlist type in your environment.ini file


    You can use those variables exactly like you said in your example.
    Then you can just put the URL as an input field of the config, so when the config starts you can select a domain and it will apply the desired format to that specific domain so you don't have to hardcode the URL in the config.

  • @Ruri Thank you !

  • @Ruri Hello again,
    after trying to implement your solution I found that there might be a misunderstanding on my question,
    The URL should be coming from a wordlist, so it's not a specific pre-known URL.
    Your solution would be perfect if I can add multiple wordlist on the same runner and looping over the Proto Paths on each URL, but I think I can't do that (correct me if I'm wrong).

  • Admin

    Oh alright, but be aware that if you want a separate hit for each path on a same URL, you can't achieve this if you don't make a custom wordlist.
    If you don't care (and for example you want to build a list of valid paths for a given URL) then you should make a loop in loliscript that goes over a list of given paths and protocols. You can find guides on that on the forum.

  • @Ruri Thanks for your fast replies and your help as well (really appreciate it )!
    The URL list is huge like in millions so generating a new list would be time consuming,
    also it's less efficient since I'll be going through different path/proto of the same URL I already found a hit on it... I'll keep it as backup plan but I wanna go smart.
    FOR loop would be good way to go but I'm not familiar with loli script syntax I also couldn't find any documentation for it.
    Thanks again.

  • Admin

    There's no FOR loop, just WHILE loop.
    Alternatively, you can wait for OB2 which will support raw C# instructions mixed with blocks so you can do for, foreach etc. with the standard C# syntax.

  • Hello whoever seeing this, after couple coffees I found a solution so if anyone is interested:

    SET VAR "TOSPLIT" "path1/, path2/, path3/, ..."
    UTILITY Variable "TOSPLIT" Split "," -> VAR "PATHS" 
    UTILITY List "PATHS" Length -> VAR "LEN" 
    SET VAR "PROTOCOL" "http"
    SET VAR "INDEX" "0"
    WHILE "<INDEX>" LessThan "<LEN>"
    --- DO YOUR MAGIC HERE ---
    IF "<STATUS>" EqualTo "SUCCESS"
    FUNCTION Compute "<INDEX>+1" -> VAR "INDEX" 
    IF "<PROTOCOL>" EqualTo "http"
    SET VAR "PROTOCOL" "https"

