Browse Source

fixed Extra-Headers

epsylon 1 year ago
parent
commit
91bfbba7c0
2 changed files with 14 additions and 18 deletions
  1. 8 16
      core/curlcontrol.py
  2. 6 2
      core/main.py

+ 8 - 16
core/curlcontrol.py

@@ -138,14 +138,7 @@ class Curl:
         """
         Set extra headers.
         """
-        self.headers = headers
-        self.headers = self.headers.split("\n")
-        for headerValue in self.headers:
-            header, value = headerValue.split(": ")
-
-            if header and value:
-                self.set_option(pycurl.HTTPHEADER, (header, value))
-        return headers
+        self.set_option(pycurl.HTTPHEADER, [str(headers)])
 
     def set_proxy(self, ignoreproxy, proxy):
         """
@@ -279,7 +272,7 @@ class Curl:
             if str(self.handle.getinfo(pycurl.HTTP_CODE)) in ["302", "301"]:
                 self.set_option(pycurl.FOLLOWLOCATION, 1)
 
-    def __request(self, relative_url=None):
+    def __request(self, relative_url=None, headers=None):
         """
         Perform a request and returns the payload.
         """
@@ -305,9 +298,8 @@ class Curl:
                     self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xforwfakevalue + xclientfakevalue)
             elif self.xclient:
                 self.set_option(pycurl.HTTPHEADER, self.fakeheaders + xclientfakevalue)
-        if self.headers:
-            self.fakeheaders = self.fakeheaders + self.headers
-        self.set_option(pycurl.HTTPHEADER, self.fakeheaders)
+        if headers:
+            self.set_headers(headers)
         if self.agent:
             self.set_option(pycurl.USERAGENT, self.agent)
         if self.referer:
@@ -406,22 +398,22 @@ class Curl:
                 return
         return self.payload
 
-    def get(self, url="", params=None):
+    def get(self, url="", headers=None, params=None):
         """
         Get a url.
         """
         if params:
             url += "?" + urllib.parse.urlencode(params)
         self.set_option(pycurl.HTTPGET, 1)
-        return self.__request(url)
+        return self.__request(url, headers)
 
-    def post(self, cgi, params):
+    def post(self, cgi, params, headers):
         """
         Post a url.
         """
         self.set_option(pycurl.POST, 1)
         self.set_option(pycurl.POSTFIELDS, params)
-        return self.__request(cgi)
+        return self.__request(cgi, headers)
 
     def body(self):
         """

+ 6 - 2
core/main.py

@@ -914,6 +914,10 @@ class xsser(EncoderDecoder, XSSerReporter):
         else:
             pool = self.pool
         c = Curl()
+        if self.options.headers: # add extra headers
+            headers = self.options.headers
+        else:
+            headers = None
         if self.options.getdata or not self.options.postdata:
             dest_url, agent, referer, cookie = self.get_url_payload(url, payload, query_string, None)
             def _cb(request, result):
@@ -927,7 +931,7 @@ class xsser(EncoderDecoder, XSSerReporter):
             c.cookie = cookie
             if " " in dest_url: # parse blank spaces
                 dest_url = dest_url.replace(" ", "+")
-            pool.addRequest(c.get, [[dest_url]], _cb, _error_cb)
+            pool.addRequest(c.get, [[dest_url, headers]], _cb, _error_cb)
             self._ongoing_requests += 1
         if self.options.postdata:
             dest_url, agent, referer, cookie = self.get_url_payload("", payload, query_string, None)
@@ -941,7 +945,7 @@ class xsser(EncoderDecoder, XSSerReporter):
             c.agent = agent
             c.referer = referer
             c.cookie = cookie
-            pool.addRequest(c.post, [[url, dest_url]], _cb, _error_cb)
+            pool.addRequest(c.post, [[url, dest_url, headers]], _cb, _error_cb)
             self._ongoing_requests += 1
 
     def error_attack_url_payload(self, c, url, request, error):