Patch

README.md

@@ -149,6 +149,7 @@ crimson_exploit -D "example.domain.com" -d "collaborator.com" -i "ip"
 #   - Turn off interception
 #   - Make active scan for proxied urls only in scope
 # 1. Start the script
+#   - If you didn't choose -a flag, go to /bounty/domain.tld/tested.domain.tld/temp and remove manually false positives entries in ferox.txt
 # 2. Check the output listed above (LISTS)
 # 3. Manually browse the application, click on all functionalities
 # 4. Copy whole target scope from Burp after manually browsing the target

crimson_exploit

@@ -50,12 +50,16 @@ PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go
 ### WORKFLOW
 #
 # 0. Start BURP - optional step
+#   - Create new project - www.example.tld
+#   - Turn off interception
 # 1. Start vps listener and collaborator server
 # 2. Start the script
+#   - You will be asked to remove false positives from exp/dirs.txt and exp/params.txt
+#   - Remove them and enter the "fg" + ENTER to continue 
 # 3. Check the output listed above (LISTS)
-# 5. Look for [ID] [TIME] in oob.txt and compare it to pings on your vps / collaborator
-# 8. Check deserialization pings with manual payloads
-# 9. Start manual testing 
+# 4. Look for [ID] [TIME] in oob.txt and compare it to pings on your vps / collaborator
+# 5. Check deserialization pings with manual payloads
+# 6. Start manual testing 
 #
 ###
 

crimson_target

@@ -42,6 +42,7 @@ PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/go
 #   - Turn off interception
 #   - Make active scan for proxied urls only in scope
 # 1. Start the script
+#   - If you didn't choose -a flag, go to /bounty/tested.domain.tld/temp and remove manually false positives entries in ferox.txt
 # 2. Check the output listed above (LISTS)
 # 3. Manually browse the application, click on all functionalities
 # 4. Copy whole target scope from Burp after manually browsing the target