So-called "preflight requests" for getting csrf and cookies, add pausing on some responce codes (as stop on 403 but pausing...) #845
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First interesting feature is so-called pre-flight requests as discussed in #525
So it can be possible to get CSRF tokens and cookies before each requests
Example:
Second feature is pausing on specified codes. For example if ffuf got 429 of 403 from WAF it can pause for some time and continue after WAF releasing.
Ex:
./ffuf -c -w /temp/wordlist.txt:FUZZ -u https://ffuf.io.fi/FUZZ -pausecode 403,429 -pausetime 60,90,120,180,300
So first pause will be 60 sec, second - 90 sec, etc. Fifth, six and other pauses will be 300 seconds.