🔌Network
Lotus has a flexible built-in HTTP module for handling complex scenarios, because the project focuses mainly on web security scanning. That doesn't mean you cannot perform other types of connections; in fact, you can use whatever you want with Lotus.
Our team has been developing separate Lua libraries in Rust (https://luarocks.org/modules/knas) to ensure that the libraries work safely with Lotus, but you can use any libraries you want, including ones written in languages such as C or C++.
HTTP Requests
Your Lua script must call the HTTP Lua class, whose methods are bound to the Rust HTTP module, in order to send HTTP requests.
You can send any method you wish, with a body and headers, but make sure the headers are passed as Lua tables rather than strings.
Sending a normal GET request
The 'http:send()' function lets you send an HTTP request directly, but make sure you add the method and the URL first, since the function requires both fields. Keep in mind that http:send takes its connection options from the user options. If you need to change the connection options for your script, see #change-the-request.
By adding this line you will call https://google.com with the GET method, and you will receive a table with the response body, headers and URL.
Sending POST Requests
Change the request
You can change the default HTTP connection options of your script:
Connection timeout
Limits of redirects
Custom proxy
Keep in mind that this only applies to your script, not to all scripts; every time you call the http:send function, the options that you changed will be used.
Handle Connection Errors
When using the "http:send" function, you might encounter a connection error because of the target's response. To ensure your script does not panic, call the function through pcall, Lua's protected call function. This call returns a boolean value indicating whether the function raised an error or not. For more information about pcall, please see the following link.
You can also tell Lotus about the error by adding logging lines for it.
What if you want to check for a custom error message?
For example, if you have a time-based blind SQL scanner, the only way to determine whether a parameter is vulnerable is to set your connection timeout to a value lower than the value for the SQL SLEEP function.
Therefore, you must verify whether the error was caused by a connection timeout or not.
This can be accomplished by adding this function to your Lua script, and then sending the pcall error output to the function along with the error string message.
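The pcall pattern described above, as an added example that is not taken from the Lotus documentation or code base: `fake_send`, the `timeout_error` / `connection_error` strings and the delays are constructed stand-ins, not Lotus's API or its real error messages. It goes slightly beyond the text by also sending a baseline request, so a timeout is only treated as meaningful when the same URL answered within the same timeout.

```lua
-- Added example. fake_send stands in for a request call that raises on failure;
-- it and the error strings are constructed, not Lotus's API or messages.
local function fake_send(url, timeout_secs, simulated_delay_secs)
    if url:find("unreachable", 1, true) then
        error("connection_error: host unreachable", 0)
    end
    if simulated_delay_secs > timeout_secs then
        error("timeout_error: no response within " .. timeout_secs .. "s", 0)
    end
    return { url = url, body = "ok", headers = {} }
end

-- Plain (non-pattern) substring match on the value pcall returned as the error.
local function error_contains(err, needle)
    return string.find(tostring(err), needle, 1, true) ~= nil
end

-- pcall returns false plus the error value instead of aborting the script.
local function classify(url, timeout_secs, simulated_delay_secs)
    local ok, result = pcall(fake_send, url, timeout_secs, simulated_delay_secs)
    if ok then return "response", result end
    if error_contains(result, "timeout_error") then return "timeout", result end
    return "other_error", result
end

-- A timeout is only meaningful if the baseline request answered in time.
local function timing_verdict(url, timeout_secs, baseline_delay, probe_delay)
    local baseline = classify(url, timeout_secs, baseline_delay)
    if baseline ~= "response" then
        return "inconclusive (baseline: " .. baseline .. ")"
    end
    local probe = classify(url, timeout_secs, probe_delay)
    if probe == "timeout" then return "delayed beyond timeout" end
    return "no delay observed (probe: " .. probe .. ")"
end

-- Constructed cases: { url, timeout, baseline delay, probe delay } in seconds.
local cases = {
    { "https://example.test/item?id=1", 3, 0.2, 5.0 },
    { "https://example.test/item?id=2", 3, 0.2, 0.3 },
    { "https://slow.example.test/item?id=3", 3, 4.0, 5.0 },
    { "https://unreachable.example.test/", 3, 0.2, 5.0 },
}
for _, c in ipairs(cases) do
    print(c[1], timing_verdict(c[1], c[2], c[3], c[4]))
end
```

In a real script the stand-in would be replaced by the request call, and the substring would be taken from the connection error table.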
Connection ERROR Table