To debug the target app vetoing attack requests versus not, this was useful for me:
sed -i 's|debugHeaderValue = testCase.Set + " /// " + testCase.Name + " /// " + placeholder.Name + " /// " + encoder + " /// " + hex.EncodeToString([]byte(payload))\
if len(debugHeaderValue) > 130 {\
debugHeaderValue = debugHeaderValue[:130] + "..."\
}|' internal/scanner/scanner.go
It sends a sha256 for now, and maybe the excellent GoTestWaf would wish to optionally retain that - another command line flag?
To debug the target app vetoing attack requests versus not, this was useful for me:
It sends a sha256 for now, and maybe the excellent GoTestWaf would wish to optionally retain that - another command line flag?