HTTP and Network Options
Wapiti offers several options to control the behavior of HTTP requests and network connections during a scan. These options allow you to configure timeouts, customize headers, set the user-agent, and verify SSL certificates.
The --timeout option allows you to specify the maximum time (in seconds) that Wapiti will wait for a response to an HTTP request. If the server takes longer than the specified time to respond, the request is considered a failure.
Usage:
wapiti -u http://example.com --timeout 10
In this example, Wapiti will wait for a maximum of 10 seconds for each HTTP response before timing out.
The --header option allows you to inject custom HTTP headers into every request sent by Wapiti. This can be useful for mimicking specific client behavior or bypassing certain restrictions.
- You can use this option multiple times to set multiple headers.
- The value should be in the format of a standard HTTP header (parameter and value separated by a colon).
Usage:
wapiti -u http://example.com -H "Authorization: Bearer <token>" -H "Custom-Header: Value"
This example adds an authorization token and a custom header to every request.
By default, Wapiti uses the same User-Agent string as the TorBrowser, which allows for discreet crawling of standard websites and .onion domains. However, you can change the User-Agent with the --user-agent option if needed to bypass site-specific restrictions.
Usage:
wapiti -u http://example.com --user-agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
This example sets the User-Agent to mimic a Windows 10 machine using a 64-bit browser.
By default, Wapiti does not validate SSL certificates, allowing scans to proceed even if the target site's certificates are not properly configured. You can change this behavior by passing a value of 1 to the --verify-ssl option, enabling SSL certificate verification.
Usage:
wapiti -u https://example.com --verify-ssl 1
This example ensures that Wapiti will only scan sites with valid SSL certificates.
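The wrapper below is an added example, not part of Wapiti or its documentation. It combines the --timeout, -H, --user-agent and --verify-ssl options described above and refuses to send a bearer token unless the target is HTTPS with certificate verification turned on. The names safe_wapiti, WAPITI_TOKEN, WAPITI_UA and WAPITI_BIN are assumptions made for this example.

```shell
# Added example (not part of Wapiti): pre-flight wrapper around the options above.
# Assumptions: safe_wapiti, WAPITI_TOKEN, WAPITI_UA, WAPITI_BIN are invented here.

safe_wapiti() {
    url=$1
    timeout=${2:-10}

    # --timeout takes seconds; reject empty, non-numeric and zero values.
    case $timeout in
        ''|*[!0-9]*|0) echo "timeout must be a positive integer" >&2; return 2 ;;
    esac

    set -- -u "$url" --timeout "$timeout"

    case $url in
        https://*)
            # Verification is off by default; turn it on so a header carrying
            # a credential is only sent to a server with a valid certificate.
            set -- "$@" --verify-ssl 1 ;;
        http://*)
            if [ -n "${WAPITI_TOKEN:-}" ]; then
                echo "refusing to send a bearer token over plain HTTP" >&2
                return 3
            fi ;;
        *)
            echo "URL must start with http:// or https://" >&2; return 2 ;;
    esac

    # The token is read from the environment, so it is not typed on the command
    # line or saved in shell history. It is still passed to wapiti through -H.
    if [ -n "${WAPITI_TOKEN:-}" ]; then
        set -- "$@" -H "Authorization: Bearer $WAPITI_TOKEN"
    fi
    if [ -n "${WAPITI_UA:-}" ]; then
        set -- "$@" --user-agent "$WAPITI_UA"
    fi

    # WAPITI_BIN lets a dry run substitute another command for wapiti.
    "${WAPITI_BIN:-wapiti}" "$@"
}
```

Call it as `safe_wapiti https://example.com 10` after exporting WAPITI_TOKEN; setting WAPITI_BIN=echo shows the assembled arguments without starting a scan.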