max-compare-size was added

Serhatcck · Oct 10, 2024 · d29646f · d29646f
1 parent 99cd98c
commit d29646f
Show file tree

Hide file tree

Showing 4 changed files with 50 additions and 43 deletions.
diff --git a/main.go b/main.go
@@ -54,6 +54,7 @@ func main() {
 	flagSet.StringVar(&options.ProxyUrl, "p", "", "Proxy URL for all ongoing requests")
 	flagSet.BoolVar(&options.XFFHeader, "xff", false, "Use X-F-F headers")
 	flagSet.StringVar(&options.XFFValue, "xff-val", "127.0.0.1", "Value for X-F-F headers (e.g., localhost 127.0.0.1)")
+	flagSet.Int64Var(&options.MaxBodyLengthForCompare, "max-compare-size", 3000, "To address the CPU performance issue with the diff operation, the isSimilar() function compares the HTTP response bodies. However, comparing large HTML files negatively impacts performance. To mitigate this performance problem, a size limit has been imposed on the files to be compared. This way, large files will not undergo comparison, reducing CPU strain.")
 	// Parse the flags
 
 	flagSet.Usage = func() {

diff --git a/pkg/hidden_fuzzer/config.go b/pkg/hidden_fuzzer/config.go
@@ -8,26 +8,27 @@ import (
 )
 
 type Config struct {
-	Context             context.Context
-	Target              string
-	Url                 *url.URL
-	Silent              bool
-	Wordlist            []string
-	Extensions          []string
-	Threads             int
-	Headers             map[string]string
-	FailureCheckTimeout int
-	TimeOut             int
-	Method              string
-	FailureCounter      int
-	DuplicateCounter    int
-	RedirectCounter     int
-	Depth               int
-	RateLimit           int
-	UseRateLimit        bool
-	ParamFuzing         bool
-	ParamValue          string
-	ProxyUrl            string
+	Context                 context.Context
+	Target                  string
+	Url                     *url.URL
+	Silent                  bool
+	Wordlist                []string
+	Extensions              []string
+	Threads                 int
+	Headers                 map[string]string
+	FailureCheckTimeout     int
+	TimeOut                 int
+	Method                  string
+	FailureCounter          int
+	DuplicateCounter        int
+	RedirectCounter         int
+	Depth                   int
+	RateLimit               int
+	UseRateLimit            bool
+	ParamFuzing             bool
+	ParamValue              string
+	ProxyUrl                string
+	MaxBodyLengthForCompare int64
 }
 
 func (c *Config) Build(options Options) error {
@@ -96,6 +97,7 @@ func (c *Config) Build(options Options) error {
 	c.ParamFuzing = options.ParamFuzing
 	c.ParamValue = options.ParamValue
 	c.ProxyUrl = options.ProxyUrl
+	c.MaxBodyLengthForCompare = options.MaxBodyLengthForCompare
 
 	//if param fuzzing is true do not handle 403 or directories.
 	//do not process sub directory depth

diff --git a/pkg/hidden_fuzzer/options.go b/pkg/hidden_fuzzer/options.go
@@ -26,26 +26,27 @@ func (h *headerFlags) Set(value string) error {
 }
 
 type Options struct {
-	Url                 string
-	Wordlist            string
-	Extensions          string
-	Headers             headerFlags
-	Method              string
-	Threads             int
-	FailureConter       int
-	DuplicateCounter    int
-	RedirectConter      int
-	Silent              bool
-	FailureCheckTimeout int
-	TimeOut             int
-	Depth               int
-	RateLimit           int
-	ParamFuzing         bool
-	ParamValue          string
-	Pipe                bool
-	FilterCode          string
-	ProxyUrl            string
-	XFFHeader           bool
-	XFFValue            string
-	WordlistStringArray []string
+	Url                     string
+	Wordlist                string
+	Extensions              string
+	Headers                 headerFlags
+	Method                  string
+	Threads                 int
+	FailureConter           int
+	DuplicateCounter        int
+	RedirectConter          int
+	Silent                  bool
+	FailureCheckTimeout     int
+	TimeOut                 int
+	Depth                   int
+	RateLimit               int
+	ParamFuzing             bool
+	ParamValue              string
+	Pipe                    bool
+	FilterCode              string
+	ProxyUrl                string
+	XFFHeader               bool
+	XFFValue                string
+	WordlistStringArray     []string
+	MaxBodyLengthForCompare int64
 }
diff --git a/pkg/hidden_fuzzer/simplerunner.go b/pkg/hidden_fuzzer/simplerunner.go
@@ -139,7 +139,10 @@ func (r *SimpleRunner) Execute(req *Request) (Response, error) {
 
 	if respbody, err := io.ReadAll(bodyReader); err == nil {
 		resp.ContentLength = int64(len(string(respbody)))
-		resp.Body = string(respbody)
+		if resp.ContentLength <= r.config.MaxBodyLengthForCompare {
+			resp.Body = string(respbody)
+		}
+
 	}
 
 	resp.Time = firstByteTime