Accept URLs on stdin, replace all query string values with a user-supplied value, only output each combination of query string parameters once per host and path.
git clone https://github.com/rix4uni/pvreplace.git ~/bin/pvreplace
echo "alias pvreplace='python3 ~/bin/pvreplace/pvreplace.py'" >> ~/.bashrc && source ~/.bashrc
Usage: python3 pvreplace.py [strings] [-without-encode] [-part] [-type] [-mode] [-payload [strings or filepath]]
positional arguments:
strings The string(s) to be replaced in URLs (default: FUZZ)
options:
-part Specify which part of the URL to modify Options: param-value, param-name, path-suffix, path-segment, ext-filename (default: param-value)
-type Specify the type of modification Options: replace, prefix, postfix (default: replace)
-mode Specify the mode of replacement Options: multiple, single (default: multiple)
-payload Specify payload(s) directly or from a file
-without-encode Optional argument to disable URL encoding (default: enabled)
-v, --version Prints current version
-h, --help Prints Help
param-value (default) - fuzz param-value for URL
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -part param-value
http://testphp.vulnweb.com/artists.php?artist=FUZZ&id=FUZZ
param-name - fuzz param-name for URL
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -part param-name
http://testphp.vulnweb.com/artists.php?FUZZ=1&FUZZ=2
path-suffix - fuzz path-suffix for URL
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -part path-suffix
http://testphp.vulnweb.com/artists.phpFUZZ?artist=1&id=2
path-segment - fuzz path-segment for URL
▶ echo "http://testphp.vulnweb.com/wp-admin/admin-ajax.php" | pvreplace -part path-segment
http://testphp.vulnweb.com/wp-adminFUZZ/admin-ajax.php
ext-filename - fuzz ext-filename for URL
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -part ext-filename
http://testphp.vulnweb.com/FUZZ.php?artist=1&id=2
replace (default) - replace the value with payload
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -type replace
http://testphp.vulnweb.com/artists.php?artist=FUZZ&id=FUZZ
prefix - prefix the value with payload
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -type prefix
http://testphp.vulnweb.com/artists.php?artist=FUZZ1&id=FUZZ2
postfix - postfix the value with payload
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -type postfix
http://testphp.vulnweb.com/artists.php?artist=1FUZZ&id=2FUZZ
multiple (default) - replace all values at once
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -mode multiple
http://testphp.vulnweb.com/artists.php?artist=FUZZ&id=FUZZ
single - replace one value at a time
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -mode single
http://testphp.vulnweb.com/artists.php?artist=FUZZ&id=2
http://testphp.vulnweb.com/artists.php?artist=1&id=FUZZ
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -payload '"><script>confirm(1)</script>, "<image/src/onerror=confirm(1)>' -without-encode
http://testphp.vulnweb.com/artists.php?artist="><script>confirm(1)</script>&id="><script>confirm(1)</script>
http://testphp.vulnweb.com/artists.php?artist="<image/src/onerror=confirm(1)>&id="<image/src/onerror=confirm(1)>
or
▶ echo "http://testphp.vulnweb.com/artists.php?artist=1&id=2" | pvreplace -payload payloads.txt -without-encode
http://testphp.vulnweb.com/artists.php?artist="><script>confirm(1)</script>&id="><script>confirm(1)</script>
http://testphp.vulnweb.com/artists.php?artist="<image/src/onerror=confirm(1)>&id="<image/src/onerror=confirm(1)>
## qsreplace
▶ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | qsreplace "FUZZ"
http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=FUZZ&tarifid=FUZZ
## pvreplace
▶ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | pvreplace -payload "FUZZ" -part param-value
http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ&tarifid=FUZZ
▶ echo "http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=9998" | pvreplace -payload "FUZZ" -part param-value -mode single
http://fakedomain.com/fakefile.jsp;jsessionid=FUZZ&tarifid=9998
http://fakedomain.com/fakefile.jsp;jsessionid=2ed4262dbe69850d25bc7c6424ba59db?hardwareid=14&tarifid=FUZZ
This tool was inspired by @R0X4R's bhedak tool. Thanks to them for the great idea!