What is Peach
Installing
Tutorials
Methodology
Introduction
FAQ
Peach 3
Peach Pits
 General Conf
 Data Modeling
 State Modeling
 Agents
  Monitors
 Test
  Publishers
  Loggers
Running
Minset
Peach 2.3

License

Http Publisher

The Http publisher sends data over HTTP via a method of your choice. This publisher supports the following features:

  • Authentication via Basic, Digest, or Windows integrated

  • Definable method type

  • Fuzzing and dynamic setting of headers (both key and value)

  • Fuzzing and dynamic setting of query strings

  • Optional cookie support

  • SSL

Parameters

  • Method — HTTP Method type (GET, POST, etc)

  • Url — URL of target

  • BaseUrl — Base URL is used by some authentication types (optional)

  • Username — Username for authentication (optional)

  • Domain — Domain for authentication (optional)

  • Cookies — Enable cookie support (optional, defaults to true)

  • CookiesAcrossIterations — Track cookes across iterations (optional, defaults to false)

  • Timeout — How long to wait in milliseconds for data/connection (optional, default 3,000)

  • IgnoreCertErrors — Allow https regardless of cert status (defaults to false)

Actions

  • call — To fuzz the querystring or headers special method names are supported

    • Query — Specify as the method name for a call action, the first parameter is the query string

    • Header — Specify as the method name for a call action, the first parameter is the header name, the second is the value

  • output  — Data sent via output is provided as the HTTP body

Examples

Post data to a URL
<DataModel name="PostBody">
   <!-- ... -->
</DataModel>

<StateModel name="TheState">
  <State name="initial">
    <Action type="output">
      <DataModel ref="PostBody" />
    </Action>
  </State>
</StateModel>

<Test name="Default">
  <!-- ... -->
  <Publisher class="Http">
    <Param name="Method" value="POST" />
    <Param name="Url" value="http://foo.com/user/create" />
  </Publisher>
</Test>
Fuzz querystring
<DataModel name="QueryModel">
   <String value="key"/>
   <String value="=" token="true" />
   <String value="value"/>
</DataModel>

<StateModel name="TheState">
  <State name="initial">
    <Action type="call" method="Query">
      <Param>
        <DataModel ref="QueryModel" />
      </Param>
    </Action>
  </State>
</StateModel>

<Test name="Default">
  <!-- ... -->
  <Publisher class="Http">
    <Param name="Method" value="GET" />
    <Param name="Url" value="http://foo.com/user/create" />
  </Publisher>
</Test>
Fuzz header
<DataModel name="HeaderKey">
   <String value="Content-Type" />
</DataModel>
<DataModel name="HeaderValue">
   <String value="html" />
</DataModel>

<StateModel name="TheState">
  <State name="initial">
    <Action type="call" method="Header">
      <Param>
        <DataModel ref="HeaderKey" />
      </Param>
      <Param>
        <DataModel ref="HeaderValue" />
      </Param>
    </Action>
  </State>
</StateModel>

<Test name="Default">
  <!-- ... -->
  <Publisher class="Http">
    <Param name="Method" value="GET" />
    <Param name="Url" value="http://foo.com/user/create" />
  </Publisher>
</Test>