{"id":13841133,"url":"https://github.com/soufianetahiri/HttpRquestPlayer","last_synced_at":"2025-07-11T11:32:51.512Z","repository":{"id":130753122,"uuid":"338086994","full_name":"soufianetahiri/HttpRquestPlayer","owner":"soufianetahiri","description":"This small utility could help you to find authorization bugs.","archived":false,"fork":false,"pushed_at":"2021-02-12T15:14:55.000Z","size":21,"stargazers_count":8,"open_issues_count":0,"forks_count":2,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-11-21T11:38:29.230Z","etag":null,"topics":["auth","authorization","cookie","http-client","pentest-tool","permissions","privileges","roles"],"latest_commit_sha":null,"homepage":"","language":"C#","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/soufianetahiri.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-11T16:38:34.000Z","updated_at":"2024-09-06T00:15:04.000Z","dependencies_parsed_at":"2023-05-23T10:15:27.932Z","dependency_job_id":null,"html_url":"https://github.com/soufianetahiri/HttpRquestPlayer","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/soufianetahiri/HttpRquestPlayer","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soufianetahiri%2FHttpRquestPlayer","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soufianetahiri%2FHttpRquestPlayer/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soufianetahiri%2FHttpRquestPlayer/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soufianetahiri%2FHttpRquestPlayer/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/soufianetahiri","download_url":"https://codeload.github.com/soufianetahiri/HttpRquestPlayer/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/soufianetahiri%2FHttpRquestPlayer/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264795402,"owners_count":23665231,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["auth","authorization","cookie","http-client","pentest-tool","permissions","privileges","roles"],"created_at":"2024-08-04T17:01:03.118Z","updated_at":"2025-07-11T11:32:51.218Z","avatar_url":"https://github.com/soufianetahiri.png","language":"C#","funding_links":[],"categories":["C# #"],"sub_categories":[],"readme":"\n## What is it?\nThis utility could help you to find authorization bugs. Just edit *request.json* by providing for exmple a high and a low priviliged user's requests headers, paths to scan and thats it. The tool will proceed to requests with both headers and hilight diffirent http response.\n\nFor now, It supports GET and POST .\n\n## requests.json sample\n\n {\n \"baseUrl\":\"https://www.target.someurl.com\",\n \"originalHeaders\":[\n \"Host: www.target.someurl.com\",\n \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0\",\n \"Accept: application/json\",\n \"Accept-Language: en-US,en;q=0.5\",\n \"Accept-Encoding: gzip, deflate, br\",\n \"Referer: https://www.someurl.com\",\n \"Authorization: Bearer AdminToken\",\n \"Connection: keep-alive\",\n \"Cookie: cookie1=random; cookie2=random\"\n ],\n \"newHeaders\":[\n \"Host: www.target.someurl.com\",\n \"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:85.0) Gecko/20100101 Firefox/85.0\",\n \"Accept: application/json\",\n \"Accept-Language: en-US,en;q=0.5\",\n \"Accept-Encoding: gzip, deflate, br\",\n \"Referer: https://www.someurl.com\",\n \"Authorization: Bearer SimpleUserToken\",\n \"Connection: keep-alive\",\n \"Cookie: cookie1=random2; cookie2=random2\"\n ],\n \"requests\":{\n \"get\":[\n \"/api/v1/users/me/dashboard\",\n \"/api/v1/campaigns/kpis/chart\",\n \"/api/v1/users/4623\",\n \"/api/v1/users/4622\",\n \"/identity/.well-known/openid-configuration\"\n ],\n \"withBodies\":{\n \"post\":{\n \"urls\":[\n \"/api/v1/advertisers/3120/users/\"\n ],\n \"bodies\":[\n \"{\\\"isActive\\\":true,\\\"firstName\\\":\\\"httprequest\\\",\\\"lastName\\\":\\\"soufiane\\\",\\\"preference\\\":{\\\"culture\\\":\\\"en\\\"},\\\"roles\\\":[1],\\\"email\\\":\\\"soufianetahiri@gmail.com\\\"}\"\n ]\n }\n }\n }\n }\n\nYou can add as many headers as you want, the tool will parse and add them to the httpclient automatically.\n## Output sample\n![enter image description here](https://soufiane.website/imgs/httprequestplayer_.jpg)\n## ToDo\n\n - [ ] Handle exceptions \n - [ ] Support more methods (~~POST~~ PUT DELETE...) \n - [ ] Parse Burp requests\n - [ ] Add verbosity\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoufianetahiri%2FHttpRquestPlayer","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsoufianetahiri%2FHttpRquestPlayer","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsoufianetahiri%2FHttpRquestPlayer/lists"}