Add BypassFirstRequestValidation (#151)

Author: Hannah-PortSwigger

CustomAction/BypassFirstRequestValidation.bambda

@@ -0,0 +1,26 @@
+id: 996d9f0d-1113-46c1-b731-4e6918013604
+name: Bypass first-request validation
+function: CUSTOM_ACTION
+location: REPEATER
+source: |
+  /**
+   * This hides your repeater request behind an innocent GET request. It's useful for bypassing server-level validation sometimes.
+   * 
+   * @author James Kettle (https://github.com/albinowax)
+   *
+   * Try it out on the Academy lab here: https://portswigger.net/web-security/host-header/exploiting#connection-state-attacks
+   *
+   **/
+  var connectionId = utilities().randomUtils().randomString(8);
+  var options = RequestOptions.requestOptions().withConnectionId(connectionId).withHttpMode(HttpMode.HTTP_1);
+  
+  // Send a simple GET / HTTP/1.1 to the target as the precusor request
+  var url = requestResponse.request().url();
+  var precursorRequest = HttpRequest.httpRequestFromUrl(url); 
+  precursorRequest = precursorRequest.withPath("/").withHeader("Connection", "keep-alive");
+  
+  // Send the attack in the repeater, and update the response pane
+  api().http().sendRequest(precursorRequest, options);
+  var response = api().http().sendRequest(requestResponse.request(), options);
+  httpEditor.responsePane().set(response.response().toByteArray());
+