From 8d26db4931164ccf9d2fd9bf8cdbaa63f1ddbdc2 Mon Sep 17 00:00:00 2001 From: Aldo Cortesi Date: Tue, 7 Aug 2012 23:19:48 +1200 Subject: Docs. --- libpathod/templates/docs_pathoc.html | 61 ++++++++++++++++++++++++++++++++++++ libpathod/templates/docs_pathod.html | 3 +- libpathod/templates/docs_test.html | 2 +- 3 files changed, 64 insertions(+), 2 deletions(-) (limited to 'libpathod/templates') diff --git a/libpathod/templates/docs_pathoc.html b/libpathod/templates/docs_pathoc.html index c1799e49..e1bef4d5 100644 --- a/libpathod/templates/docs_pathoc.html +++ b/libpathod/templates/docs_pathoc.html @@ -7,11 +7,38 @@ +

Pathoc is a perverse HTTP daemon designed to let you craft almost any +conceivable HTTP request, including ones that creatively violate the standards. +HTTP requests are specified using a small, terse +language, which pathod shares with its server-side twin pathod. To view pathoc's complete range of options, use +the command-line help:

+ + 
pathoc --help

Getting Started

+ +

The basic pattern for pathoc commands is as follows:

+ + 
pathoc hostname request [request ...]
+ +

That is, we specify the hostname to connect to, followed by one or more + requests. Lets start with a simple example:

+ + 
> pathoc google.com get:/
+<< 301 Moved Permanently: 219 bytes
+ +

Here, we make a GET request to the path / on port 80 of google.com. + Pathoc's output tells us that the server responded with a 301. We can tell + pathoc to connect using SSL, in which case the default port is changed to + 443 (you can over-ride the default port with the -p command-line + option):

+ + 
> pathoc -s google.com get:/
+<< 301 Moved Permanently: 219 bytes
@@ -21,6 +48,40 @@

Basic Fuzzing

+

The combination of pathoc's powerful request specification language and + a few of its command-line options makes for quite a powerful basic fuzzer. + Here's an example:

+ + 
> pathoc -t 2 -n 1000 localhost get:/:b@10:ir,@1
+ +

The request specified here is a valid GET with a body consisting of 10 + random bytes, but with 1 random byte inserted in a random place. This could + be in the headers, in the initial request line, or in the body itself. + Corrupting the request in this way will often make the server enter a state + where it's awaiting more input from the client. This is where the -t + option comes in, which sets a timeout that causes pathoc to disconnect + after two seconds. Finally, the -n option tells pathoc to repeat the + request 1000 times.

+ + + + +
+ +
+

Interacting with Proxies

+
+ +

At the moment, pathoc has no explicit support for proxies, but there's a + workaround that serves many use cases. Instead of specifying just a path, + specify an entire URL to the GET request, like so (assuming there's a proxy + running on port 8080 of localhost):

+ + 
> pathoc -p 8080 localhost "get:'http://google.com'"
+ +

Proxy support is going to be a major focus of development for the next + version of pathoc, so keep an eye on the repo.

+
diff --git a/libpathod/templates/docs_pathod.html b/libpathod/templates/docs_pathod.html index d1a4af5a..8b345d71 100644 --- a/libpathod/templates/docs_pathod.html +++ b/libpathod/templates/docs_pathod.html @@ -11,7 +11,8 @@

Pathod is a pathological HTTP daemon designed to let you craft almost any conceivable HTTP response, including ones that creatively violate the standards. HTTP responses are specified using a small, -terse language, which pathod shares with its evil twin pathoc.

+terse language, which pathod shares with its evil twin pathoc.

diff --git a/libpathod/templates/docs_test.html b/libpathod/templates/docs_test.html index b4c3390f..b40ca919 100644 --- a/libpathod/templates/docs_test.html +++ b/libpathod/templates/docs_test.html @@ -29,7 +29,7 @@
-

Context Decorator

+

Context Manager

{% include "examples_context.html" %}
-- cgit v1.2.3