httpx x3

There’s 3 different httpx tools:

• The bash tool
• The python cli tool
• The python library

Here’s how you can use them.

httpx - the fuzzing tool

$ httpx

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/

                projectdiscovery.io

[INF] Current httpx version v1.3.5 (latest)

Introduction

httpx is a fast web application reconnaissance, automation and enumeration tool written in Go. It’s known for its speed and ease of use, making it a valuable tool for Bug Bounty Hunters and analysts.

Installation of go

These days, you can go with the repo version of go (>=1.18).

$ sudo apt install golang

Installation of httpx

$ go install -v github.com/projectdiscovery/httpx/cmd/httpx@latest

Basic Usage

httpx accepts STDIN input for scanning. Run a basic scan with options:

$ echo "http://vulnerable.com" | httpx
$ echo "http://vulnerable.com" | httpx -title -status-code -tech-detect -follow-redirects

Subdomain enum using subfinder and scan

Use subfinder to enumerate subdomains and feed them to httpx:

$ subfinder -d vulnerable.com | httpx -title -status-code -tech-detect -follow-redirects

Content probe

Use probes to refine scan results:

$ httpx -l list -path /robots.txt -sc

Content comparers

Use comparers to narrow down results:

$ cat list | httpx -mc 200,301,302 -sc

Content filters

Apply filters to eliminate results:

$ cat list | httpx -sc -fc 404

Rates and Timeouts

Control scan rates and timeouts:

$ cat list | httpx -sc -probe -t 10 -rl 1 -rlm 600

Show Responses and Requests

View HTTP requests and responses:

$ echo "http://vulnerable.com" | httpx -debug

Filtering for SQL Injections

Filter for SQL injection vulnerabilities:

$ echo "http://vulnerable.com" | httpx -path "/listproducts.php?cat=1’" -ms "Error: You have an error in your SQL syntax;"

Filtering for XSS reflections

Filter for reflected XSS vulnerabilities:

$ echo "http://vulnerable.com" | httpx -path "/listproducts.php?cat=<script>alert(1)</script>" -ms "<script>alert(1)</script>"

Web Page Fuzzing

Fuzz web pages using the -path module:

$ echo "http://vulnerable.com" | httpx -probe -sc -path "/login.php"

File output

Export scan results to files in different formats:

$ cat list | httpx -sc -o /root/results.txt
$ cat list | httpx -sc -csv -o /root/results.csv
$ cat list | httpx -sc -json -o /root/results.json
$ cat list | httpx -sc -o /root/results.txt -srd /root/responses

TCP/IP customizations

Customize TCP/IP filters for in-depth reconnaissance:

$ echo "http://network-sec.de" | httpx -pa -probe
$ echo "http://network-sec.de" | httpx -p 22,25,80,443,3306 -probe

POST Login

Send POST requests and log in:

$ echo "http://vulnerable.com" | httpx -debug-resp -x post -path "/userinfo.php" -H "Cookie: login=test%2Ftest" -body "uname=test&pass=test"

HTTP Methods Probe

Probe all HTTP OPTIONS (request methods):

$ echo "http://vulnerable.com" | httpx -x all -probe

Routing through proxy

Route HTTP requests through custom proxies:

$ echo "http://vulnerable.com" | httpx -x all -probe -http-proxy http://127.0.0.1:8080

httpx - the Python module cli tool

This is a completely different tool.

$ pip install httpx[cli,http2]

For sanity reasons, we renamed httpx to httpx-cli and will continue throughout the writeup.

$ httpx-cli --help
                                                                    HTTPX 🦋

                                                         A next generation HTTP client.

Usage: httpx <URL> [OPTIONS]


 -m, --method METHOD             Request method, such as GET, POST, PUT, PATCH, DELETE, OPTIONS, HEAD.
                                 [Default: GET, or POST if a request body is included]

 -p, --params <NAME VALUE> ...   Query parameters to include in the request URL.

 -c, --content TEXT              Byte content to include in the request body.

 -d, --data <NAME VALUE> ...     Form data to include in the request body.

 -f, --files <NAME FILENAME> ... Form files to include in the request body.

 -j, --json TEXT                 JSON data to include in the request body.

 -h, --headers <NAME VALUE> ...  Include additional HTTP headers in the request.

 --cookies <NAME VALUE> ...      Cookies to include in the request.

 --auth <USER PASS>              Username and password to include in the request. Specify '-' for the password to use a password prompt. Note
                                 that using --verbose/-v will expose the Authorization header, including the password encoding in a trivially
                                 reversible format.

 --proxies URL                   Send the request via a proxy. Should be the URL giving the proxy address.

 --timeout FLOAT                 Timeout value to use for network operations, such as establishing the connection, reading some data, etc...
                                 [Default: 5.0]

 --follow-redirects              Automatically follow redirects.

 --no-verify                     Disable SSL verification.

 --http2                         Send the request using HTTP/2, if the remote server supports it.

 --download FILE                 Save the response content as a file, rather than displaying it.

 -v, --verbose                   Verbose output. Show request as well as response.

 --help                          Show this message and exit.

Sending a GET Request

$ httpx-cli https://jsonplaceholder.typicode.com/posts/1

Sending a POST Request with JSON Data

$ httpx-cli -m POST -j '{"title": "foo", "body": "bar", "userId": 1}' https://jsonplaceholder.typicode.com/posts

Sending Query Parameters

$ httpx-cli -p userId=1 https://jsonplaceholder.typicode.com/posts

Specifying Custom Headers

$ httpx-cli -h "Authorization" "Bearer TOKEN" https://api.example.com/resource

Handling Cookies

$ httpx-cli --cookies "session_id" "12345" https://example.com

Following Redirects

$ httpx-cli --follow-redirects https://example.com

Disabling SSL Verification

$ httpx-cli --no-verify https://example.com

Downloading Files

$ httpx-cli --download image.jpg https://example.com/image.jpg

Verbose Output

$ httpx-cli -v https://example.com

Authentication

$ httpx-cli --auth username:password https://api.example.com/resource

Sending Form Data

$ httpx-cli -m POST -d "key1=value1&key2=value2" https://example.com/submit

Sending Files

$ httpx-cli -m POST -f "file1@/path/to/file1.txt" -f "file2@/path/to/file2.txt" https://example.com/upload

HTTP/2 Support

$ httpx-cli --http2 https://example.com

Certainly, here’s a writeup with examples for using the httpx Python library:

httpx - the Python HTTP Client Library

This is essentially the same tool, but as library for use in your own Python code.

Installation

$ pip install httpx

Sending a GET Request

import httpx

async def send_get_request():
    async with httpx.AsyncClient() as client:
        response = await client.get("https://jsonplaceholder.typicode.com/posts/1")
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_get_request())

This code sends a GET request to the specified URL and prints the response content.

Sending a POST Request with JSON Data

import httpx

async def send_post_request():
    async with httpx.AsyncClient() as client:
        data = {"title": "foo", "body": "bar", "userId": 1}
        response = await client.post("https://jsonplaceholder.typicode.com/posts", json=data)
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_post_request())

Here, we send a POST request with JSON data to create a new post.

Sending Query Parameters

import httpx

async def send_request_with_query_params():
    async with httpx.AsyncClient() as client:
        params = {"userId": 1}
        response = await client.get("https://jsonplaceholder.typicode.com/posts", params=params)
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_request_with_query_params())

You can include query parameters in the request URL.

Specifying Custom Headers

import httpx

async def send_request_with_custom_headers():
    async with httpx.AsyncClient() as client:
        headers = {"Authorization": "Bearer TOKEN"}
        response = await client.get("https://api.example.com/resource", headers=headers)
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_request_with_custom_headers())

Use custom HTTP headers in the request by specifying them in the headers dictionary.

Handling Cookies

import httpx

async def send_request_with_cookies():
    async with httpx.AsyncClient() as client:
        cookies = {"session_id": "12345"}
        response = await client.get("https://example.com", cookies=cookies)
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_request_with_cookies())

You can send cookies with your request by providing a cookies dictionary.

Following Redirects

import httpx

async def send_request_with_redirects():
    async with httpx.AsyncClient() as client:
        response = await client.get("https://example.com", follow_redirects=True)
        print(response.url)

# Run the asynchronous function
import asyncio
asyncio.run(send_request_with_redirects())

Set follow_redirects=True to automatically follow HTTP redirects.

Disabling SSL Verification

import httpx

async def send_request_with_no_ssl_verify():
    async with httpx.AsyncClient(verify=False) as client:
        response = await client.get("https://example.com")
        print(response.text)

# Run the asynchronous function
import asyncio
asyncio.run(send_request_with_no_ssl_verify())

Disable SSL verification by passing verify=False when creating the client.