The Send Phase¶
Scope of the phase
This phase is obligatory for a nonmodifying extension to operate (the YAML file should contain the send
section).
Note that this phase is absent in a modifying extension because the Send phase would render other phases unusable (except for the Detect phase and implicit Collect phase) if combined with them.
Read about the extension types in detail here.
This phase sends the predefined test requests to test a target application for vulnerabilities. The host that the test requests should be sent to is determined by the Host
header value in incoming baseline requests.
The send
section has the following structure:
send:
- method: <HTTP method>
url: <URI>
headers:
- header 1: value
...
- header N: value
body: <the request body>
...
- method: <HTTP method>
...
The send
section in the extension YAML file contains one or more parameter set. Each parameter is specified as a <key: value>
pair. A given parameter set describes a single HTTP request to be sent as a test request. The following parameters are part of the set:
-
method
: the HTTP method to be used by the request.This is a required parameter: it should be present in any parameter set.
List of the allowed parameter's values
GET
POST
PUT
HEAD
OPTIONS
PATCH
COPY
DELETE
LOCK
UNLOCK
MOVE
TRACE
Example
method: 'POST'
-
url
: a URL string. The request will be targeted to this URI.This is a required parameter: it should be present in any parameter set.
Example
url: '/en/login.php'
-
headers
: an array that contains one or more HTTP headers in theheader name: header value
format.If the constructed HTTP request does not use any header, then this parameter can be omitted.
FAST automatically adds the headers required for the resulting HTTP request to be correct (even if they are missing in the
headers
array); for example,Host
andContent-Length
.Working with the
Host
headerYou can add a
Host
header to a test request that differs from the one extracted from a baseline request, if necessary.For example, it is possible to add the
Host: demo.com
header to a test request in the Send section.If the corresponding extension is running and the FAST node receives a baseline request with the
Host: example.com
header, then the test request with the headerHost: demo.com
will be sent to theexample.com
host. The resulting request is similar to this one: -
body
: a string that contains the request's body. You can specify any required request body, as long as you escape special characters, if any, in the resulting string.This is a required parameter: it should be present in any parameter set.
Example
body: 'field1=value1&field2=value2
If the send
section is populated with N
parameter sets describing the N
HTTP requests, then for a single incoming baseline request, the FAST node will send N
test requests to the target application that resides on a host specified in the Host
header of the baseline request.