This PHP script automates and chains HTTP requests, extracting values from response headers or bodies and using them in the next requests. It is very useful for penetration tests.

It was inspired by a business-logic challenge from PortSwigger:

Every JSON object is an HTTP request with specific parameters:
- **url**: the URL to request
- **method**: GET|POST (you could also use PUT, DELETE, etc., but these are not yet tested!)
- **headers**: a JSON array with all headers you want to send with the request
- **body**: the body of the request in case you send a POST request
- **header-regexp**: an array of regular expressions you want to use to extract values from the headers. IMPORTANT: only the first value per regexp will be matched
- **body-regexp**: like header-regexp, but the values will be matched against the response body
- **extra_guzzle_options**: array of extra Guzzle options. Here you can find a full list of options: https://docs.guzzlephp.org/en/stable/request-options.html
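
The sketch below is an added example, not code from this project: it shows the "first value per regexp" extraction rule on a constructed response and how the extracted values could feed the next request. The response data, the `extractFirst()` helper, the `shop.example` host and the way values are spliced into the next request are assumptions made for illustration.

```php
<?php
// Added illustration, not the project's code. The response below is constructed sample data.
$responseHeaders = "HTTP/1.1 200 OK\r\n"
    . "Set-Cookie: session=abc123; HttpOnly\r\n"
    . "Set-Cookie: tracking=zzz999; Path=/\r\n";
$responseBody = '<input type="hidden" name="csrf" value="tok-1111">'
    . '<input type="hidden" name="csrf" value="tok-2222">';

// One step of a chain, using the key names from the list above.
$step = [
    'header-regexp' => ['/Set-Cookie: session=([^;]+)/i'],
    'body-regexp'   => ['/name="csrf" value="([^"]+)"/'],
];

/**
 * Hypothetical helper: return the first capture group of each pattern,
 * or null when the pattern does not match. preg_match() stops at the
 * first hit, so the second csrf input in the body is never returned.
 */
function extractFirst(array $patterns, string $subject): array
{
    $values = [];
    foreach ($patterns as $pattern) {
        $matched  = preg_match($pattern, $subject, $m) === 1;
        $values[] = $matched ? ($m[1] ?? $m[0]) : null;
    }
    return $values;
}

$fromHeaders = extractFirst($step['header-regexp'], $responseHeaders);
$fromBody    = extractFirst($step['body-regexp'], $responseBody);

// Stop the chain instead of sending a request with an empty token.
if (in_array(null, array_merge($fromHeaders, $fromBody), true)) {
    fwrite(STDERR, "extraction failed, stopping chain\n");
    exit(1);
}

// Assumed shape of the next request; the real tool's substitution syntax may differ.
$next = [
    'url'     => 'https://shop.example/login',
    'method'  => 'POST',
    'headers' => ['Cookie' => 'session=' . $fromHeaders[0]],
    'body'    => 'csrf=' . urlencode($fromBody[0]) . '&username=test',
];
echo json_encode($next, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), "\n";
```

If a page repeats a token field, tighten the pattern (for example by anchoring on the surrounding form) so that the first match is the one you intend.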