nuclei/pkg/protocols/headless/engine/http_client.go

package engine

import (
	"context"
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/http/cookiejar"
	"net/url"
	"time"

	"golang.org/x/net/proxy"

	"github.com/projectdiscovery/fastdialer/fastdialer/ja3/impersonate"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"
	"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
	"github.com/projectdiscovery/nuclei/v3/pkg/types"
)

// newHttpClient creates a new http client for headless communication with a timeout
func newHttpClient(options *types.Options) (*http.Client, error) {
	dialers := protocolstate.GetDialersWithId(options.ExecutionId)
	if dialers == nil {
		return nil, fmt.Errorf("dialers not initialized for %s", options.ExecutionId)
	}
	// Set the base TLS configuration definition
	tlsConfig := &tls.Config{
		Renegotiation:      tls.RenegotiateOnceAsClient,
		InsecureSkipVerify: true,
		MinVersion:         tls.VersionTLS10,
	}

	if options.SNI != "" {
		tlsConfig.ServerName = options.SNI
	}

	// Add the client certificate authentication to the request if it's configured
	var err error
	tlsConfig, err = utils.AddConfiguredClientCertToRequest(tlsConfig, options)
	if err != nil {
		return nil, err
	}

	transport := &http.Transport{
		ForceAttemptHTTP2: options.ForceAttemptHTTP2,
		DialContext:       dialers.Fastdialer.Dial,
		DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			if options.TlsImpersonate {
				return dialers.Fastdialer.DialTLSWithConfigImpersonate(ctx, network, addr, tlsConfig, impersonate.Random, nil)
			}
			if options.HasClientCertificates() || options.ForceAttemptHTTP2 {
				return dialers.Fastdialer.DialTLSWithConfig(ctx, network, addr, tlsConfig)
			}
			return dialers.Fastdialer.DialTLS(ctx, network, addr)
		},
		MaxIdleConns:        500,
		MaxIdleConnsPerHost: 500,
		MaxConnsPerHost:     500,
		TLSClientConfig:     tlsConfig,
	}
	if options.AliveHttpProxy != "" {
		if proxyURL, err := url.Parse(options.AliveHttpProxy); err == nil {
			transport.Proxy = http.ProxyURL(proxyURL)
		}
	} else if options.AliveSocksProxy != "" {
		socksURL, proxyErr := url.Parse(options.AliveSocksProxy)
		if proxyErr != nil {
			return nil, err
		}
		dialer, err := proxy.FromURL(socksURL, proxy.Direct)
		if err != nil {
			return nil, err
		}

		dc := dialer.(interface {
			DialContext(ctx context.Context, network, addr string) (net.Conn, error)
		})
		transport.DialContext = dc.DialContext
	}

	jar, _ := cookiejar.New(nil)

	httpclient := &http.Client{
		Transport: transport,
		Timeout:   time.Duration(options.Timeout*3) * time.Second,
		Jar:       jar,
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			// the browser should follow redirects not us
			return http.ErrUseLastResponse
		},
	}

	return httpclient, nil
}
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`package engine`

			`import (`
Adding proxy socks support to headless browser 2021-10-20 00:02:06 +02:00			`"context"`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`"crypto/tls"`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`"fmt"`
Adding proxy socks support to headless browser 2021-10-20 00:02:06 +02:00			`"net"`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`"net/http"`
Making headless httpclient more similar to real browsers 2021-10-20 13:26:47 +02:00			`"net/http/cookiejar"`
Fixing http proxy not working in headless browser 2021-10-18 09:32:38 +02:00			`"net/url"`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`"time"`

refactor: uniformly sorted imports 2021-11-25 17:09:20 +02:00			`"golang.org/x/net/proxy"`

Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-21 13:47:18 +02:00			`"github.com/projectdiscovery/fastdialer/fastdialer/ja3/impersonate"`
nuclei v3 : misc updates (#4247) * use parsed options while signing * update project layout to v3 * fix .gitignore * remove example template * misc updates * bump tlsx version * hide template sig warning with env * js: retain value while using log * fix nil pointer derefernce * misc doc update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-10-17 17:44:13 +05:30			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/protocolstate"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"`
			`"github.com/projectdiscovery/nuclei/v3/pkg/types"`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`)`

refactor/documentation: typos and grammatical errors 2021-11-25 18:54:16 +02:00			`// newHttpClient creates a new http client for headless communication with a timeout`
			`func newHttpClient(options types.Options) (http.Client, error) {`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`dialers := protocolstate.GetDialersWithId(options.ExecutionId)`
			`if dialers == nil {`
			`return nil, fmt.Errorf("dialers not initialized for %s", options.ExecutionId)`
			`}`
Client certificate authentication for headless connections 2021-10-21 13:48:13 -04:00			`// Set the base TLS configuration definition`
			`tlsConfig := &tls.Config{`
			`Renegotiation: tls.RenegotiateOnceAsClient,`
			`InsecureSkipVerify: true,`
Adding Client TLS1.0 (#2091) * Adding Client TLS1.0 * bumping fastdialer version 2022-06-04 14:15:16 +02:00			`MinVersion: tls.VersionTLS10,`
Client certificate authentication for headless connections 2021-10-21 13:48:13 -04:00			`}`

Adding global SNI support for HTTP protocol via CLI (#1964) * Adding global SNI support via CLI * adding integration test * adding cli option to docs * reverting deleted test 2022-05-11 12:30:39 +02:00			`if options.SNI != "" {`
			`tlsConfig.ServerName = options.SNI`
			`}`

Switch logic to a shared package 2021-10-27 12:11:42 -04:00			`// Add the client certificate authentication to the request if it's configured`
Improving error handling in client certificate library (#1237) 2021-11-10 18:12:49 +01:00			`var err error`
			`tlsConfig, err = utils.AddConfiguredClientCertToRequest(tlsConfig, options)`
			`if err != nil {`
			`return nil, err`
			`}`
Client certificate authentication for headless connections 2021-10-21 13:48:13 -04:00
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`transport := &http.Transport{`
Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-21 13:47:18 +02:00			`ForceAttemptHTTP2: options.ForceAttemptHTTP2,`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`DialContext: dialers.Fastdialer.Dial,`
Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-21 13:47:18 +02:00			`DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {`
			`if options.TlsImpersonate {`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`return dialers.Fastdialer.DialTLSWithConfigImpersonate(ctx, network, addr, tlsConfig, impersonate.Random, nil)`
Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-21 13:47:18 +02:00			`}`
tlsconfig by reference with h2 (#4237) Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2023-10-13 18:12:28 +02:00			`if options.HasClientCertificates() \|\| options.ForceAttemptHTTP2 {`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`return dialers.Fastdialer.DialTLSWithConfig(ctx, network, addr, tlsConfig)`
tlsconfig by reference with h2 (#4237) Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> 2023-10-13 18:12:28 +02:00			`}`
Remove singletons from Nuclei engine (continuation of #6210) (#6296) * introducing execution id * wip * . * adding separate execution context id * lint * vet * fixing pg dialers * test ignore * fixing loader FD limit * test * fd fix * wip: remove CloseProcesses() from dev merge * wip: fix merge issue * protocolstate: stop memguarding on last dialer delete * avoid data race in dialers.RawHTTPClient * use shared logger and avoid race conditions * use shared logger and avoid race conditions * go mod * patch executionId into compiled template cache * clean up comment in Parse * go mod update * bump echarts * address merge issues * fix use of gologger * switch cmd/nuclei to options.Logger * address merge issues with go.mod * go vet: address copy of lock with new Copy function * fixing tests * disable speed control * fix nil ExecuterOptions * removing deprecated code * fixing result print * default logger * cli default logger * filter warning from results * fix performance test * hardcoding path * disable upload * refactor(runner): uses `Warning` instead of `Print` for `pdcpUploadErrMsg` Signed-off-by: Dwi Siswanto <git@dw1.io> * Revert "disable upload" This reverts commit 114fbe6663361bf41cf8b2645fd2d57083d53682. * Revert "hardcoding path" This reverts commit cf12ca800e0a0e974bd9fd4826a24e51547f7c00. --------- Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> Co-authored-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dwi Siswanto <25837540+dwisiswant0@users.noreply.github.com> 2025-07-09 14:47:26 -05:00			`return dialers.Fastdialer.DialTLS(ctx, network, addr)`
Adding random tls impersonate (#3844) * adding random tls impersonate * dep update --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-06-21 13:47:18 +02:00			`},`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`MaxIdleConns: 500,`
			`MaxIdleConnsPerHost: 500,`
			`MaxConnsPerHost: 500,`
Client certificate authentication for headless connections 2021-10-21 13:48:13 -04:00			`TLSClientConfig: tlsConfig,`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`}`
Add Alive Proxy into Options (#5903) * Move proxy variable from global to options - Provides ability to pass diff proxy in single nuclei instance using sdk * add type check (resolve comments) 2024-12-13 04:23:27 +05:30			`if options.AliveHttpProxy != "" {`
			`if proxyURL, err := url.Parse(options.AliveHttpProxy); err == nil {`
Fixing http proxy not working in headless browser 2021-10-18 09:32:38 +02:00			`transport.Proxy = http.ProxyURL(proxyURL)`
			`}`
Add Alive Proxy into Options (#5903) * Move proxy variable from global to options - Provides ability to pass diff proxy in single nuclei instance using sdk * add type check (resolve comments) 2024-12-13 04:23:27 +05:30			`} else if options.AliveSocksProxy != "" {`
			`socksURL, proxyErr := url.Parse(options.AliveSocksProxy)`
Fix socks5 proxy not working on tor proxy (#2455) * fix: socks5 proxy not working on tor proxy * fix: socks5 proxy not working on tor proxy * minor refactoring Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> 2022-08-22 17:48:45 +08:00			`if proxyErr != nil {`
			`return nil, err`
			`}`
			`dialer, err := proxy.FromURL(socksURL, proxy.Direct)`
			`if err != nil {`
			`return nil, err`
Adding proxy socks support to headless browser 2021-10-20 00:02:06 +02:00			`}`
Fix socks5 proxy not working on tor proxy (#2455) * fix: socks5 proxy not working on tor proxy * fix: socks5 proxy not working on tor proxy * minor refactoring Co-authored-by: Sandeep Singh <sandeep@projectdiscovery.io> Co-authored-by: Mzack9999 <mzack9999@protonmail.com> 2022-08-22 17:48:45 +08:00
Adding proxy socks support to headless browser 2021-10-20 00:02:06 +02:00			`dc := dialer.(interface {`
			`DialContext(ctx context.Context, network, addr string) (net.Conn, error)`
			`})`
Adding support for constants (#3692) * adding support for constants * fixing typo * adding integration test * fixing lint issues * fixing template syntax 2023-05-25 18:32:35 +02:00			`transport.DialContext = dc.DialContext`
Fixing http proxy not working in headless browser 2021-10-18 09:32:38 +02:00			`}`

Making headless httpclient more similar to real browsers 2021-10-20 13:26:47 +02:00			`jar, _ := cookiejar.New(nil)`

			`httpclient := &http.Client{`
			`Transport: transport,`
			`Timeout: time.Duration(options.Timeout3) time.Second,`
			`Jar: jar,`
			`CheckRedirect: func(req http.Request, via []http.Request) error {`
			`// the browser should follow redirects not us`
			`return http.ErrUseLastResponse`
			`},`
Fixing http proxy not working in headless browser 2021-10-18 09:32:38 +02:00			`}`

Improving error handling in client certificate library (#1237) 2021-11-10 18:12:49 +01:00			`return httpclient, nil`
Add headless chrome based templates support (#562) 2021-02-21 16:31:34 +05:30			`}`