Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove duplicated outputwriter(interactsh) call #4042

Closed
wants to merge 1 commit into from
Closed

remove duplicated outputwriter(interactsh) call #4042

wants to merge 1 commit into from

Conversation

tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Aug 11, 2023
edited
Loading

Proposed Changes

Before

$ nuclei  -u http://target -t ~/test-templates/interactsh-matcher-dup.yaml 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.10

		projectdiscovery.io

[INF] Current nuclei version: v2.9.10 (latest)
[INF] Current nuclei-templates version: v9.6.0 (latest)
[INF] New templates added in latest release: 33
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.site
[CVE-2023-26067] [http] [high] http://target/cgi-bin/fax_change_faxtrace_settings
[CVE-2023-26067] [http] [high] http://target/cgi-bin/fax_change_faxtrace_settings

After

$  go run . -u http://target -t ~/test-templates/interactsh-matcher-dup.yaml 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.11-dev

		projectdiscovery.io

[INF] Current nuclei version: v2.9.11-dev (development)
[INF] Current nuclei-templates version: v9.6.0 (latest)
[INF] New templates added in latest release: 33
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[CVE-2023-26067] [http] [high] http://target/cgi-bin/fax_change_faxtrace_settings

@tarunKoyalwar tarunKoyalwar self-assigned this Aug 11, 2023
@tarunKoyalwar tarunKoyalwar linked an issue Aug 11, 2023 that may be closed by this pull request
duplicate output when interactsh matcher is used in matcher #4041
Closed
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review August 11, 2023 14:36
dogancanbakir
dogancanbakir approved these changes Aug 14, 2023
View reviewed changes
Copy link
Member

@dogancanbakir dogancanbakir left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

$ go run . -t http/cves/2023/CVE-2023-26067.yaml -u http://target

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.11-dev

                projectdiscovery.io

[INF] Current nuclei version: v2.9.11-dev (development)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[CVE-2023-26067] [http] [high] http://target/cgi-bin/fax_change_faxtrace_settings

Mzack9999
Mzack9999 requested changes Aug 14, 2023
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When there is only one interactsh matcher it doesn't seem to work:

$ cat test.yaml
id: test

info:
  name: test
  author: test
  severity: info
  description: test
  tags: cve

http:
  - raw:
      - |
        POST / HTTP/1.1
        Host: {{Hostname}}
        
        {{interactsh-url}}

    matchers:
      - type: dsl
        dsl:
          - contains(interactsh_protocol, 'http')
$ go run . -u https://scanme.sh -t test.yaml -v -debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.11-dev

                projectdiscovery.io

[INF] Current nuclei version: v2.9.11-dev (development)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.site
[INF] [CVE-2023-26067] Dumped HTTP request for https://scanme.sh/

POST / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
Connection: close
Content-Length: 43
Accept-Encoding: gzip

cjcud9h3gitpq7sf2qm0isfmffn9qiusz.oast.site
[DBG] [CVE-2023-26067] Dumped HTTP response https://scanme.sh/

HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Mon, 14 Aug 2023 08:32:40 GMT

ok
[cjcud9h3gitpq7sf2qm0isfmffn9qiusz] Received HTTP interaction from xx.xx.xx.xx at 2023-08-14 08:32:42
------------
HTTP Request
------------

GET / HTTP/1.1
Host: cjcud9h3gitpq7sf2qm0isfmffn9qiusz.oast.site
Accept-Encoding: gzip
Connection: close
User-Agent: Go-http-client/1.1




------------
HTTP Response
------------

HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Server: oast.site
X-Interactsh-Version: 1.1.5

<html><head></head><body>zsuiq9nffmfsi0mq2fs7qptig3h9ducjc</body></html>

The file github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go was patched to simulate requests to the generated urls with the following snippet:

for _, u := range generatedRequest.interactshURLs {
	httpclient.Get(u)
}

@tarunKoyalwar tarunKoyalwar marked this pull request as draft August 16, 2023 12:38
@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review August 16, 2023 12:48
@tarunKoyalwar
Copy link
Member Author

@Mzack9999 . closing this PR as implementation needs to be revisited completely -> more info at #4041 (comment)

will create new PR with new implementation

@tarunKoyalwar tarunKoyalwar deleted the issue-4041-duplicate-writer-event branch August 16, 2023 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mzack9999 Mzack9999 Mzack9999 requested changes

@ehsandeep ehsandeep ehsandeep approved these changes

@dogancanbakir dogancanbakir dogancanbakir approved these changes

Assignees

@tarunKoyalwar tarunKoyalwar

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

duplicate output when interactsh matcher is used in matcher
4 participants
@tarunKoyalwar @ehsandeep @Mzack9999 @dogancanbakir