headless: automerge and other improvements #3958
Conversation
Before
$ nuclei -u https://projectdiscovery.io -t ~/test-templates/headlessparams.yaml -headless -v -debug-req -svd
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.9
projectdiscovery.io
[INF] Current nuclei version: v2.9.9 (latest)
[INF] Current nuclei-templates version: v9.5.8 (latest)
[INF] New templates added in latest release: 113
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[DBG] Protocol request variables:
1. aa => xss
[INF] [poc] Dumped Headless request for https://projectdiscovery.io
[DBG] navigate url:https://projectdiscovery.io/?{{aa}}="><pwnd>
waitload
[DBG] Protocol response variables:
1. matched => https://projectdiscovery.io
2. data => <html lang="en" style="ov .... /div></div></body></html>
3. header => X-Proxy-Cache: MISS Via: .... oding Server: cloudflare
4. type => headless
5. template-id => poc
6. template-path => /Users/tarun/test-templates/headlessparams.yaml
7. host => https://projectdiscovery.io
8. status_code => 200
9. history => GET https://projectdiscov .... urity: max-age=31536000
10. template-info => {poc poc poc {medium} map[] <nil> }
11. aa => xss
12. req => navigate url:https://pro .... aa}}="><pwnd> waitload
[poc] [headless] [medium] https://projectdiscovery.io
After
$ go run . -u "https://projectdiscovery.io/?url=abc&value=false" -t ~/test-templates/headlessparams.yaml -headless -v -debug-req -svd
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.9
projectdiscovery.io
[INF] Current nuclei version: v2.9.9 (latest)
[INF] Current nuclei-templates version: v9.5.8 (latest)
[INF] New templates added in latest release: 113
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[DBG] Protocol request variables:
1. aa => xss
[DBG] Final Protocol request variables:
1. Scheme => https
2. File =>
3. Input => https://projectdiscovery.io
4. FQDN => projectdiscovery.io
5. DN => projectdiscovery
6. Hostname => projectdiscovery.io
7. Port => 443
8. aa => xss
9. SD =>
10. BaseURL => https://projectdiscovery.io
11. RootURL => https://projectdiscovery.io
12. TLD => io
13. Path =>
14. ip =>
15. Host => projectdiscovery.io
16. RDN => projectdiscovery.io
[INF] [poc] Dumped Headless request for https://projectdiscovery.io/?url=abc&value=false&xss="><pwnd>
[DBG] navigate => https://projectdiscovery.io/?url=abc&value=false&xss="><pwnd>
waitload
[DBG] Protocol response variables:
1. header => X-Proxy-Cache: MISS X-Cac .... -Control-Allow-Origin: *
2. status_code => 200
3. history => GET https://projectdiscov .... i}(window,document,_iub);
4. template-id => poc
5. aa => xss
6. host => https://projectdiscovery.io/?url=abc&value=false
7. req => navigate => https://proj .... &xss="><pwnd> waitload
8. data => <html lang="en" style="ov .... /div></div></body></html>
9. type => headless
10. template-info => {poc poc poc {medium} map[] <nil> }
11. template-path => /Users/tarun/test-templates/headlessparams.yaml
12. matched => https://projectdiscovery. .... &value=false&xss="><pwnd>
[poc] [headless] [medium] https://projectdiscovery.io/?url=abc&value=false&xss="><pwnd>
- typo in the function signature
Unrelated Notes:
- Template for testing from Query automerge not supported in headless mode #3919
id: poc

info:
  name: poc
  author: poc
  severity: medium
  tags: poc

headless:
  - steps:
      - args:
          url: '{{BaseURL}}/?{{aa}}="><pwnd>'
        action: navigate
      - action: waitload
    payloads:
      aa:
        - xss
- The concept of "Request" for headless has to be considered more in the context of progressive Actions with optional arguments, which is also the reason why I believe that headless syntax simplification and attributes unification #3846 will be ineffectual unless the actions are described in natural language.

@Mzack9999 I think, due to these differences, I am not sure if we could simplify the syntax in the headless protocol.
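The two behaviours this thread is about, rendering `{{BaseURL}}`/`{{aa}}` in the template above and re-attaching the input URL's own query parameters so the "After" run keeps `url=abc&value=false` in front of the template's parameter, as an added Go example that is not nuclei's code: `deriveInputVars`, `render` and `mergeQuery` are this example's own names, the derivation rules for `SD`, `DN`, `RDN`, `File`, `BaseURL` and `RootURL` are assumptions (a plain label split, no public-suffix list), duplicate-key handling is an assumption, and the sample input is the target from the "After" run.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// deriveInputVars splits an absolute target URL into the per-target variables a
// template can reference ({{BaseURL}}, {{Hostname}}, ...), using the names dumped
// under "Final Protocol request variables" in the PR output. The derivation rules
// are this example's assumptions, not nuclei's implementation.
func deriveInputVars(raw string) (map[string]string, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, err
	}
	if u.Scheme == "" || u.Host == "" {
		return nil, fmt.Errorf("input %q must be an absolute URL with a host", raw)
	}
	host, port := u.Hostname(), u.Port()
	if port == "" { // the dump shows Port => 443 for an https input with no explicit port
		port = map[string]string{"https": "443", "http": "80"}[u.Scheme]
	}
	path := strings.TrimSuffix(u.Path, "/")
	origin := u.Scheme + "://" + u.Host
	v := map[string]string{
		"Scheme": u.Scheme, "Input": origin, "FQDN": host, "Hostname": host, "Host": host,
		"Port": port, "Path": path, "File": "", "SD": "", "DN": "", "RDN": "", "TLD": "",
		"RootURL": origin, "BaseURL": origin + path, // assumption: BaseURL keeps the path, RootURL does not
	}
	// File is the last path segment when it looks like a file name (assumption).
	if i := strings.LastIndex(path, "/"); i >= 0 && strings.Contains(path[i+1:], ".") {
		v["File"] = path[i+1:]
	}
	// TLD is the last label, DN the one before it, RDN their join and SD the rest
	// (assumption: plain label split, no public-suffix list).
	if labels := strings.Split(host, "."); len(labels) >= 2 {
		n := len(labels)
		v["TLD"], v["DN"] = labels[n-1], labels[n-2]
		v["RDN"] = v["DN"] + "." + v["TLD"]
		v["SD"] = strings.Join(labels[:n-2], ".")
	}
	return v, nil
}

// render substitutes {{name}} placeholders; an unknown placeholder is left as-is,
// which is exactly the "Before" failure mode ({{aa}} surviving into the URL).
func render(tmpl string, vars map[string]string) string {
	for k, val := range vars {
		tmpl = strings.ReplaceAll(tmpl, "{{"+k+"}}", val)
	}
	return tmpl
}

// mergeQuery re-attaches the input URL's query parameters to the rendered template
// URL: input parameters come first, template parameters follow, and a template
// parameter that reuses an input key replaces it (assumption; the PR output has no
// duplicate keys). Pairs are kept raw, without re-encoding, because headless
// templates place their payloads deliberately unencoded.
func mergeQuery(input, rendered string) (string, error) {
	in, err := url.Parse(input)
	if err != nil {
		return "", err
	}
	out, err := url.Parse(rendered)
	if err != nil {
		return "", err
	}
	var order []string
	pairs := map[string]string{} // key -> raw "key=value" (or bare "key") pair
	add := func(rawQuery string) {
		for _, pair := range strings.Split(rawQuery, "&") {
			if pair == "" {
				continue
			}
			key, _, _ := strings.Cut(pair, "=")
			if _, seen := pairs[key]; !seen {
				order = append(order, key)
			}
			pairs[key] = pair
		}
	}
	add(in.RawQuery)
	add(out.RawQuery)
	parts := make([]string, 0, len(order))
	for _, k := range order {
		parts = append(parts, pairs[k])
	}
	out.RawQuery = strings.Join(parts, "&")
	return out.String(), nil
}

func main() {
	// Constructed input: the target from the "After" run in the PR description.
	input := "https://projectdiscovery.io/?url=abc&value=false"
	vars, err := deriveInputVars(input)
	if err != nil {
		panic(err)
	}
	vars["aa"] = "xss" // the template's payload variable
	rendered := render(`{{BaseURL}}/?{{aa}}="><pwnd>`, vars)
	final, err := mergeQuery(input, rendered)
	if err != nil {
		panic(err)
	}
	fmt.Println("navigate =>", final)
}
```

Running it prints the same `navigate =>` line the "After" output shows; the rendered URL alone (`https://projectdiscovery.io/?xss="><pwnd>`) is what a template would produce without the merge step, i.e. the input's own parameters would be silently dropped.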
lgtm!
+1 for all the points @tarunKoyalwar - standard HTTP should always be preferred for actions that do not specifically require headless
Proposed changes
BaseURL and Hostname
Checklist