glitchedgitz / grroxy-issues Goto Github PK

on the list command, it seems that the projects are sorted by update date (why not, it's not a bad idea)

But what I'm not sure to understand is the index, the index doesn't seem to be an ID linked to the project but rather a temporary display index. So the ID for a project will change from one execution to another. It means that in the future is there is a resume command, we won't be able to rely on the index. Since the name is not unique it can't be 100% reliable too, meaning the only unique key will be the location path, which is not handy. so I believe a unique and permanent index should be linked to a project instead. So it will become a identifier (absolute) rather than an index number (relative to the sorting).

feature suggestion

add a butoon to clear the history (maybe there is but I can't find it)

While in the webUI, trying to start a simpple fuzz :

A click on the notif could/should lead us to the opened fuzz pane in the playground :

On the playground, results are not shown yet but works after a refresh. Having here a prefix or color code to easily differentiate the different tasks would be super nice :

Starting the fuzz with a simple list and two threads (be gentle, default might/could be 5 to avoid "DOS by default" behavior for newcomers 🌹

Sadly, no results are shown after (incredibly fast??) completion :

I assume ffuf isn't found, yet it's present in my system (not default path maybe?), and there seems to not be any settings to specify the way to invoke it ?

Thaaaat being said, the work already done is truly impressive. Good job, and I'm really looking forward using your tool more!

Side note (not worth a full issue), I played a bit with the testSql & testCommand endpoints, allowing (you guessed it) post-auth command execution. This isn't something we'll be avoid with such tool and needs of "binary to run" configuration. But the auth and routing systems seems to be in place, working properly, and with no trivial bypass, congratz ! 🌻

Have a lovely day,
Laluka

On repeater, the contextual menu is working but on intruder it's empty

Whenever I click on another playground and go back and forth in the intruder tab history, the payload settings are reset to the defaults

Actually, marks as sorted alphabetically.

I'd suggest sorting them by risk level, so it would feel more natural, because actually it feels like it is not sorted.

1. info
2. low
3. medium
4. high

Idk for leak.

using list to resume a project isn't obvious

another issue with the list command is that it's interactive

so it could be nice to add a resume command with the index or location or project name as parameter so we could resume a project in an interactive way.

It's decoding the URL

platform: windows

Error when trying to create a new GRROXY project.

It looks like because I already created other project before it outputs this error.

is it a feature or a bug?

When I search for the Seclists wordlists raft-small-words.txt(https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/raft-small-words.txt), I get no results. Should I install Seclists on my machine? If so, in which folder?

Also, all the web buttons add the same wordlists widget, so I think it's best to leave only wordlists in the menu, don't you?

Switching to HTTP2 doesn't dynamically changing the HTTP header as well

When a request is sent to the repeater, a ":" character is added to the end of the domain.

This character can lead to confusion, although I think you put it here so that we know we can add a custom port if we need to. I don't think the ":" is useful and it makes sense to add it if we need it.

This black box appears on right click

I think the drop and forward buttons shouldn't be displayed on the history tab but only for the intercept tab.

Add a button to display the visual rendering of the page in response to the request.
For exemple here :

Compared to burp :

I find it quite useful to have a quick overview of the page during multiple requests that can change the body of the response.

bug windows

Forward, Drop and Intercept not wotking on the Proxy Section.

When clicking on the "Rename", "Duplicate All", "Duplicate Content" tabs, the drop-down menu remains open, which isn't very UX-friendly.
It should close when one of these tabs is clicked, as it does when the "delete" button is clicked.

feature suggestion

create tooltips for each functionality/button/area.

I can't see how to close the tabs in the playground. There's no button to easily close them.

Having 2 instances at the same time is not possible right now.

Launching a second instance:

• It fails with Error: unknown command "create" for "grroxy-linux" instead of saying that the host:port is already in use, that's very weird
• It would be nice to have an option specify the host and port for the webUI, so one could host that on something else than localhost have a way around is the port is already taken, so adding --ui-host and --ui-port options
• Same but for the proxy (8888), --proxy-host and --proxy-port options
• Same but for what whatever is running on 127.0.0.1:10080, SOCKS proxy?

The options should not be only available for the create command but also for the list command when resuming an existing project.

Playgrounds are randomly disappearing forever

• can't rename tabs
• can't close / remove tabs
• can't move / drag tabs

I guess a contextual menu could be added. maybe it was working on the desktop client but not on the webui?

When creating a new tab, I expect it to be a copy of the current one or a blank one, but instead a detectportal.firefox.com is populated.

I can create a diff tab, but it would be nice to have 'sent to diff' on contextual menu on HTTP request / answers as well.

feature suggestion

Add a context menu on right click and cancel the default one