Joel Mun

Hi moshi, thanks for viewing my story. Judging from the source code (https://github.com/9oelM/elasticpwn/blob/main/core/util/http.go#L53), it should be duly possible. Also, even if you prepend http:// for all urls, elasticpwn should be smart enough to figure out which ones should be https by looking at the error from the server, and send a request with https again (supposedly if there's no bug). So yeah, the answer is yes. You can make the list like this and it should handle things properly:

http://123.123.123.123

https://111.111.111.111:443

https://111.144.144.144

15.15.15.15

15.15.15.14:443

--

--

Joel Mun

Joel Mun

High quality article or death. Code/Security stuffs, mostly related to React, Typescript, and Node, GoLang, Wasm. https://9oelm.github.io.