diff --git a/main.go b/main.go
index 163b172..cab01b6 100644
--- a/main.go
+++ b/main.go
@@ -22,7 +22,7 @@ import (
 func getCSRFtoken(url string) (token,cookie string) { // + cookie
 http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
-
+ //TODO make it at least a bit look legit (add headers, etc)
 res,err := http.Get(url)
 errHandler(err, "can't connect to server")
diff --git a/options.go b/options.go
index e12febc..8f5ca08 100644
--- a/options.go
+++ b/options.go
@@ -44,7 +44,7 @@ func ParseOptions() (*Options,error) {
 flagSet.StringVarP(&options.UserFile, "L", "login-wordlist", "", "username wordlist"),
 flagSet.StringVarP(&options.PassFile, "P", "password-wordlist", "", "Password wordlist"),
 flagSet.StringVarP(&options.Proxy, "x", "proxy", "", "HTTP proxy for packet inspection (Burp/Caidu/ZAP) (for example http://127.0.0.1:8080). But be aware, if you enable inspection then attack will fail because of delays. Also expect bigger CPU usage, use for testing"),
- flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce"), //TODO add estimate counter to packets/s
+ flagSet.IntVarP(&options.Threads, "t", "threads", 10, "threads to bruteforce (expect ~7 packets/s per thread, but rate limited by web-server or reverese-proxy to 40 pps)"), //TODO add estimate counter to packets/s
 // flagSet.StringVarP(&options.URL, "u", "url", "", "target's url to login page. Example \"https://example.com/index.php/login, http://example.com/login \""),
 )
 _ = flagSet.Parse()
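Review bot: The line directly above the new TODO sets `InsecureSkipVerify: true` on the process-wide `http.DefaultTransport`, so every request the program makes through the default client, not only this token fetch, skips certificate verification, and the CSRF token and cookie returned here can be read or altered by anything on the network path. The unchecked type assertion `http.DefaultTransport.(*http.Transport)` also panics if the default transport has been replaced with another type. I would scope this to a dedicated `http.Client` with its own `Transport` and a `Timeout`, and make skipping verification an explicit opt-in option rather than the default. The body of getCSRFtoken continues outside the hunk, so whether `res.Body` is closed cannot be seen from here.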
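Review bot: The new help string for `--threads` hard-codes figures (`~7 packets/s per thread`, `40 pps`) that look like measurements from one particular server, and it misspells `reverese-proxy`; I would say that throughput depends on the target and drop the numbers, e.g. `"threads to bruteforce (throughput depends on the target and any server-side rate limiting)"`. As written, the default of 10 threads at ~7 packets/s already exceeds the 40 pps ceiling the text describes, so the default and its documentation disagree. Separately, `_ = flagSet.Parse()` at the end of the hunk discards the parse error even though ParseOptions returns an `error`; returning it would surface mistyped flags instead of silently running with defaults. ParseOptions starts and ends outside the hunk.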