Value Replacing in Scripts Not Working #205

Closed
1 task done
chirinosky opened this issue Jun 21, 2020 · 1 comment

@chirinosky

Issue template

Context

Please check:

  • I've read the docs for Wfuzz

Please describe your local environment:

Wfuzz version: 2.4.5

Python version: 3.8.3

OS: Parrot Linux

Report

What is the current behavior?

The value|replace('/', '') filter is not being processed when calling wfuzz.fuzz() from a script.

What is the expected or desired behavior?

The payload should be modified prior to making requests. For instance, with the URL http://testphp/vulnweb.com/FUZZ and a payload containing /admin, the request should be made to http://testphp/vulnweb.com/admin, not http://testphp/vulnweb.com//admin.

Please provide steps to reproduce, including exact wfuzz command executed and output:

This issue may be reproduced with the quickhits SecLists wordlist: https://github.com/danielmiessler/SecLists/blob/master/Discovery/Web-Content/quickhits.txt and the URL http://testphp.vulnweb.com/FUZZ

import wfuzz

# Request header, wordlist path and target URL for the session
USERAGENT = ("User-Agent", "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36")
WORDLIST = "/path/to/seclists/Discovery/Web-Content/quickhits.txt"
URL = "http://testphp.vulnweb.com/FUZZ"

# Third tuple element is the slice expression applied to each payload
for r in wfuzz.fuzz(url=URL,
                    hc=["XXX",400,403,404],
                    scanmode=True,
                    concurrent=100,
                    follow=True,
                    headers=[USERAGENT],
                    payloads=[("file", dict(default=WORDLIST), "FUZZ|replace('/', '')")]):
    print(f"{r.code}\t{r.url}")

The results return double forward slashes.

Other relevant information:

Using the slice in the command line doesn't seem to work either.

wfuzz -Z -c -w /path/to/seclists/Discovery/Web-Content/quickhits.txt -p localhost:8080 --hc XXX,400,403,404 -L -t 100 --slice "FUZZ|r('/', '')" http://testphp.vulnweb.com/FUZZ
@xmendez
Owner

xmendez commented Aug 18, 2020

duplicated by #140
