From cced34f974db9ce02b156ce101467357f166fd42 Mon Sep 17 00:00:00 2001
From: "T. Alexander Lystad" <alexander.lystad@gmail.com>
Date: Fri, 10 Jul 2020 22:19:59 +0200
Subject: [PATCH] Support multiple blind xss payloads

Currently only a single payload is supported. After this change, users can configure a single value, or a tuple with multiple values, in the configuration file.
---
 modes/crawl.py | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/modes/crawl.py b/modes/crawl.py
index 57efe2b3..288553d7 100644
--- a/modes/crawl.py
+++ b/modes/crawl.py
@@ -58,6 +58,12 @@ def crawl(scheme, host, main_url, form, blindXSS, blindPayload, headers, delay,
                                     except IndexError:
                                         pass
                             if blindXSS and blindPayload:
-                                paramsCopy[paramName] = blindPayload
-                                requester(url, paramsCopy, headers,
-                                          GET, delay, timeout)
+                                if type(blindPayload) is tuple:
+                                    for x in blindPayload:
+                                        paramsCopy[paramName] = x
+                                        requester(url, paramsCopy, headers,
+                                                  GET, delay, timeout)
+                                else:
+                                    paramsCopy[paramName] = blindPayload
+                                    requester(url, paramsCopy, headers,
+                                              GET, delay, timeout)