-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
remove duplicated outputwriter(interactsh) call #4042
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
$ go run . -t http/cves/2023/CVE-2023-26067.yaml -u http://target
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.11-dev
projectdiscovery.io
[INF] Current nuclei version: v2.9.11-dev (development)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[CVE-2023-26067] [http] [high] http://target/cgi-bin/fax_change_faxtrace_settings
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When there is only one interactsh matcher it doesn't seem to work:
$ cat test.yaml
id: test
info:
name: test
author: test
severity: info
description: test
tags: cve
http:
- raw:
- |
POST / HTTP/1.1
Host: {{Hostname}}
{{interactsh-url}}
matchers:
- type: dsl
dsl:
- contains(interactsh_protocol, 'http')
$ go run . -u https://scanme.sh -t test.yaml -v -debug
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v2.9.11-dev
projectdiscovery.io
[INF] Current nuclei version: v2.9.11-dev (development)
[INF] Current nuclei-templates version: v9.6.1 (latest)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.site
[INF] [CVE-2023-26067] Dumped HTTP request for https://scanme.sh/
POST / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.124 Safari/537.36
Connection: close
Content-Length: 43
Accept-Encoding: gzip
cjcud9h3gitpq7sf2qm0isfmffn9qiusz.oast.site
[DBG] [CVE-2023-26067] Dumped HTTP response https://scanme.sh/
HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Mon, 14 Aug 2023 08:32:40 GMT
ok
[cjcud9h3gitpq7sf2qm0isfmffn9qiusz] Received HTTP interaction from xx.xx.xx.xx at 2023-08-14 08:32:42
------------
HTTP Request
------------
GET / HTTP/1.1
Host: cjcud9h3gitpq7sf2qm0isfmffn9qiusz.oast.site
Accept-Encoding: gzip
Connection: close
User-Agent: Go-http-client/1.1
------------
HTTP Response
------------
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html; charset=utf-8
Server: oast.site
X-Interactsh-Version: 1.1.5
<html><head></head><body>zsuiq9nffmfsi0mq2fs7qptig3h9ducjc</body></html>
The file github.com/projectdiscovery/nuclei/v2/pkg/protocols/http/request.go
was patched to simulate requests to the generated urls with the following snippet:
for _, u := range generatedRequest.interactshURLs {
httpclient.Get(u)
}
@Mzack9999 . closing this PR as implementation needs to be revisited completely -> more info at #4041 (comment) will create new PR with new implementation |
Proposed Changes
Before
After