Using `-headless` in combination with `-automatic-form-fill` prevents form submission #656

acardnell-intruder · 2023-11-08T17:34:43Z

Version 1.0.4

Running Katana with -headless and -automatic-form-fill no longer submits POST requests.

Any rendered forms to be submitted in a similar fashion to the non-headless mode.

Running the following command:

katana -u http://testphp.vulnweb.com -automatic-form-fill -proxy http://localhost:8080

I see these requests (proxied through Burp shown above):

However, if I run the same command with the addition of the -headless option, I no longer see the POST requests of the forms being sent.

If you need any more information let me know.

The text was updated successfully, but these errors were encountered:

acardnell-intruder · 2023-11-13T21:52:26Z

So I did a bit more investigation and found that if I run the command with the -verbose flag I see the following output in the console:

However, when monitoring those same requests it seems the POST requests are actually sent as GET requests with no arguments:

ricky-algorime · 2024-03-20T18:17:17Z

yea, not fixed in 1.0.5

acardnell-intruder added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Nov 8, 2023

Provide feedback