fixed issue with JSON POST data processing when JSON POST data is a l…

…ist containing JSON data. bumped version 1.4.
r0oth3x49 · Nov 20, 2024 · c10ae8e · c10ae8e
1 parent 67b43f0
commit c10ae8e
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 12 deletions.
diff --git a/ghauri/__init__.py b/ghauri/__init__.py
@@ -24,7 +24,7 @@
 
 """
 
-__version__ = "1.3.9"
+__version__ = "1.4"
 __author__ = "Nasir Khan (r0ot h3x49)"
 __license__ = "MIT"
 __copyright__ = "Copyright (c) 2016-2025 Nasir Khan (r0ot h3x49)"

diff --git a/ghauri/common/utils.py b/ghauri/common/utils.py
@@ -1261,17 +1261,18 @@ def is_deserializable(parameter, injection_type=""):
     pkey = parameter.key
     pvalue = parameter.value
     try:
-        b64totext = base64.b64decode(pvalue + "====").decode()
-        conf._deserialized_data = json.loads(b64totext)
-        message = "it appears that provided value for %sparameter '%s' " % (
-            "%s " % injection_type if injection_type != pkey else "",
-            pkey,
-        )
-        message += "is JSON deserializable. Do you want to inject inside? [y/N] "
-        if not conf._b64serialized_choice:
-            choice = logger.read_input(message, user_input="y", batch=conf.batch)
-            conf._b64serialized_choice = True
-        conf._isb64serialized = True
+        if base64.b64encode(base64.b64decode(pvalue)).decode() == pvalue:
+            b64totext = base64.b64decode(pvalue + "====").decode()
+            conf._deserialized_data = json.loads(b64totext)
+            message = "it appears that provided value for %sparameter '%s' " % (
+                "%s " % injection_type if injection_type != pkey else "",
+                pkey,
+            )
+            message += "is JSON deserializable. Do you want to inject inside? [y/N] "
+            if not conf._b64serialized_choice:
+                choice = logger.read_input(message, user_input="y", batch=conf.batch)
+                conf._b64serialized_choice = True
+            conf._isb64serialized = True
     except Exception as e:
         logger.debug(f"error while checking if value is deserializeble {e}")
     return conf._isb64serialized
@@ -1726,6 +1727,10 @@ def extract_json_data(data):
                 conf._json_post_data.append(
                     {"key": key, "value": "{}".format(value), "type": "JSON "}
                 )
+    else:
+        if isinstance(data, list):
+            for entry in data:
+                extract_json_data(entry)
     # logger.debug(conf._json_post_data)
     return conf._json_post_data