http-client
Send HTTP requests with support for common methods, custom headers, cookies, and HTTP/2.
commands:
# Simple HTTP/2 GET request:
- type: http-client
url: https://www.google.com
http2: True
# POST request with headers, cookies, and form data:
- type: http-client
cmd: POST
url: https://api.myapp.tld
useragent: "Mozilla Firefox 1/337"
headers:
"X-AUTH-TOKEN": "sometoken"
cookies:
mycookie: "cookie-value"
data:
view: edit
id: 10
# PUT request uploading a local file
- type: http-client
cmd: PUT
url: https://api.myapp.tld/dav
local_path: /tmp/webshell.php
- cmd
HTTP method to use. Supported values:
GET,POST,PUT,DELETE,PATCH,HEAD,OPTIONS.- Type:
str
- Default:
GET- Required:
False
- url
URL of the target.
- Type:
str
- Required:
True
- output_headers
Store headers in the output.
- Type:
str
- Default:
False- Required:
False
- headers
Additional HTTP headers to include in the request.
- Type:
dict[str,str]
- Required:
False
- cookies
Cookies to send in the
Cookieheader.- Type:
dict[str,str]
- Required:
False
- data
Form data to send in the request body. Equivalent to submitting an HTML form. Typically used with
POST.- Type:
dict[str,str]
- Required:
False
- local_path
Path to a local file whose contents will be sent as the request body. Useful for WebDAV uploads.
- Type:
str
- Required:
False
- useragent
Override the
User-Agentheader.- Type:
str
- Default:
AttackMate- Required:
False
- follow
Automatically follow HTTP redirects.
- Type:
bool
- Default:
False- Required:
False
- verify
Verify the server’s TLS certificate. Set to
Falseto skip verification (e.g. for self-signed certificates).- Type:
bool
- Default:
False- Required:
False
- http2
Negotiate HTTP/2 with the server and use it if supported.
- Type:
bool
- Default:
False- Required:
False