Encoder chain order

[calebmaxted]

Documentation conflicts with code regarding order of chained encoders

Context

Please check:

• I've read the docs for Wfuzz

Please describe your local environment:

Docker image: ghcr.io/xmendez/wfuzz

Report

What is the current behavior?

The order of the chained encoders works right-to-left. The resulting payload of "md5@sha1" is an md5 hash, not a sha1.

What is the expected or desired behavior?

From Specifying multiple encoders:

The above "sha1@none" parameter specification will encode the payload using the sha1 encoder and the result will be encoded again using the none encoder.

This line in the documentation suggests that "@" works left-to-right like a Unix pipe -- the result of the first encoder is processed by the second encoder. So the result of "md5@sha1" should be a sha1 hash of the md5 hash of the input.

Please provide steps to reproduce, including exact wfuzz command executed and output:

$ python3 -m http.server &

$ podman run -it --rm ghcr.io/xmendez/wfuzz wfuzz -z list,wfuzz,md5@sha1 http://192.168.99.229:8000/FUZZ
...
000000001:   404        14 L     37 W       469 Ch      "75ef6f2fd0d190a5d14fa59caa2a5436"                                                          
...

$ podman run -it --rm ghcr.io/xmendez/wfuzz sh
# wfencode -e sha1 wfuzz | wfencode -e md5 -i
75ef6f2fd0d190a5d14fa59caa2a5436

Other relevant information:

To keep it straight in my head, I look at it kind of like a composite function -- f(g(x)). E.g. md5(sha1(input)). This puts the encoders in the right order on the command line. Perhaps this could be a useful way to explain it in the documentation.