small help update

2024-04-11 01:50:21 +03:00 · 2024-04-11 01:50:21 +03:00 · 232ca05679
commit 232ca05679
parent c50659c299
2 changed files with 2 additions and 2 deletions
--- a/main.go
+++ b/main.go
@ -22,7 +22,7 @@ import (
 func getCSRFtoken(url string) (token,cookie string) { // + cookie

 	http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
+	//TODO make it at least a bit look legit (add headers, etc)
 	res,err := http.Get(url)
 	errHandler(err, "can't connect to server")
 		
--- a/options.go
+++ b/options.go
@ -44,7 +44,7 @@ func ParseOptions() (*Options,error) {
 			flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
 			flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
 			flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU usage, use for testing"),
-			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce"), //TODO add estimate counter to packets/s
+			flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
 			// flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
 		)
 		_ = flagSet.Parse()