Comments (4)
Quitten
commented on June 15, 2024
1
Hey, thanks for raising up this issue!
The previous implementation was that in case status code and length was the same, filters were not applied.
Now, the enforcement filters runs first, and only in case we have no indicators from it, we check the content-lenght.
Fixed in 34a42b6
Please let me know if there are still issues with it
Enjoy!
from autorize.
Quitten
commented on June 15, 2024
Hey, thanks for opening this issue, the filter "Headers (simple string)" suppose to give you this ability:
For some reason, seems like we have a bug and its not working properly, I will fix it and update.
Thanks again 👍
from autorize.
Quitten
commented on June 15, 2024
Seems like everything is working properly after checking it on my side, I used the Headers enforcement detector filter as described above.
As you can see, without the headers filter it looking like:
and then I added the headers filter and it worked as expected and labeled it as enforced:
Please let me know there is something I missed
In case there will be no reply in few days, I will close this issue.
Thanks!
from autorize.
roman-mueller
commented on June 15, 2024
But is this working if the initial detection is in "Bypassed!" state?
In your example the filter changed the "Is enforced???" to "Enforced!".
In my example it would be from "Bypassed!" to "Enforced!".
Also, in my case the length of all 3 requests was the same (0), not sure if this changes anything though.
from autorize.
Related Issues (20)
- Default filter HOT 1
- Exception “0d 0a” HOT 3
- Headers are case-sensitive HOT 1
- getMenuShortcutKeyMaskEx bug HOT 7
- Interception Filter based on Burp's listener port HOT 2
- Add parameter to query or body without removing headers HOT 1
- Send request to repeater HOT 4
- Autorize Showing Error HOT 1
- Changing light <> dark mode break Burp Suite HOT 2
- Interception Filters feature HOT 6
- Manual Install Step 5 Error HOT 1
- Does not work - infinite loading. HOT 2
- Extraneous newline added when no temporary headers specified HOT 5
- Interception filter on HTTP headers HOT 1
- Autorize use
- Autorize use
- OWASP ZAP – Access Control Testing
- [feature request] ^R --> to repeater HOT 11
- Bug on "send_request_to_autorize" function HOT 1
- [Feature] Match Response Header in Interception Filters HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from autorize.