@@ -463,12 +463,26 @@ def _generate_curls(self, url_obj: ParseResult):
463463 # [char_encode] - Url-Encoding
464464 if any (mode in {"all" , "char_encode" } for mode in self .current_bypass_modes ):
465465 char_urlencoded = format (ord (base_path [abc_index ]), "02x" )
466- cmd = [ * self . base_curl ,
467- f" { base_url } { base_path [: abc_index ] } % { char_urlencoded } { base_path [ abc_index + 1 :] } " ]
466+ single_encoded_path = f" { base_url } { base_path [: abc_index ] } % { char_urlencoded } { base_path [ abc_index + 1 :] } "
467+ cmd = [ * self . base_curl , single_encoded_path ]
468468 item = CurlItem (url_obj , self .base_curl , cmd , bypass_mode = "char_encode" , encoding = self .encoding ,
469469 target_ip = self .url_resolved_ip , debug = self .debug , ext_logger = self .logger )
470470 self .curl_items .add (item )
471471
472+ # New [char_encode] - Double URL-Encoding by encoding once more
473+ double_encoded_path = single_encoded_path .replace (f"%{ char_urlencoded } " , f"%25{ char_urlencoded } " )
474+ cmd = [* self .base_curl , double_encoded_path ]
475+ item = CurlItem (url_obj , self .base_curl , cmd , bypass_mode = "char_encode_double" , encoding = self .encoding ,
476+ target_ip = self .url_resolved_ip , debug = self .debug , ext_logger = self .logger )
477+ self .curl_items .add (item )
478+
479+ # New [char_encode] - Triple URL-Encoding by encoding once more
480+ triple_encoded_path = single_encoded_path .replace (f"%{ char_urlencoded } " , f"%2525{ char_urlencoded } " )
481+ cmd = [* self .base_curl , triple_encoded_path ]
482+ item = CurlItem (url_obj , self .base_curl , cmd , bypass_mode = "char_encode_triple" , encoding = self .encoding ,
483+ target_ip = self .url_resolved_ip , debug = self .debug , ext_logger = self .logger )
484+ self .curl_items .add (item )
485+
472486 # Verbose/debug print
473487 if self .verbose and not self .dump_payloads :
474488 self .logger .info (f"Payloads to test: { len (self .curl_items )} " )
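Review bot: The `str.replace` calls that build `double_encoded_path` and `triple_encoded_path` rewrite every occurrence of `%{char_urlencoded}` in the whole URL, not only the one inserted at `abc_index`. If `base_url` or `base_path` already contains the same escape, it is re-encoded in places the test case was not meant to touch, and the recorded `bypass_mode` no longer describes the request that is sent. Build both strings from the same slices as `single_encoded_path`, e.g. `double_encoded_path = f"{base_url}{base_path[:abc_index]}%25{char_urlencoded}{base_path[abc_index + 1:]}"`, with `%2525` for the triple case. The three `CurlItem(...)` constructions differ only in the prefix and the mode name, so they could be one loop over `(("", "char_encode"), ("25", "char_encode_double"), ("2525", "char_encode_triple"))`, and the word "New" in the two added comments will go stale once merged. `_generate_curls` starts and ends outside this hunk, so how `abc_index` is iterated is assumed from context.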