2021-02-21 16:31:34 +05:30
|
|
|
package headless
|
|
|
|
|
|
|
|
|
|
import (
|
2023-07-28 19:28:20 +05:30
|
|
|
"fmt"
|
2021-02-21 16:31:34 +05:30
|
|
|
"net/url"
|
|
|
|
|
"strings"
|
2021-03-01 14:20:56 +05:30
|
|
|
"time"
|
2021-02-21 16:31:34 +05:30
|
|
|
|
2023-09-18 21:31:32 +03:00
|
|
|
"github.com/projectdiscovery/retryablehttp-go"
|
|
|
|
|
|
2021-02-21 16:31:34 +05:30
|
|
|
"github.com/pkg/errors"
|
2022-12-20 21:59:28 +01:00
|
|
|
"golang.org/x/exp/maps"
|
2021-09-29 19:43:46 +03:00
|
|
|
|
2021-02-21 16:31:34 +05:30
|
|
|
"github.com/projectdiscovery/gologger"
|
2024-03-14 03:08:53 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/fuzz"
|
2023-10-17 17:44:13 +05:30
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/output"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/eventcreator"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/helpers/responsehighlighter"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/interactsh"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine"
|
|
|
|
|
protocolutils "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
|
|
|
|
|
templateTypes "github.com/projectdiscovery/nuclei/v3/pkg/templates/types"
|
|
|
|
|
"github.com/projectdiscovery/nuclei/v3/pkg/types"
|
2023-06-09 05:50:44 +05:30
|
|
|
urlutil "github.com/projectdiscovery/utils/url"
|
2021-02-21 16:31:34 +05:30
|
|
|
)
|
|
|
|
|
|
|
|
|
|
var _ protocols.Request = &Request{}
|
|
|
|
|
|
2023-01-05 12:56:18 +01:00
|
|
|
const errCouldGetHtmlElement = "could get html element"
|
2022-05-12 05:10:14 -05:00
|
|
|
|
2021-11-03 19:53:45 +05:30
|
|
|
// Type returns the type of the protocol request
|
|
|
|
|
func (request *Request) Type() templateTypes.ProtocolType {
|
|
|
|
|
return templateTypes.HeadlessProtocol
|
|
|
|
|
}
|
|
|
|
|
|
2021-02-21 16:31:34 +05:30
|
|
|
// ExecuteWithResults executes the protocol requests and returns results instead of writing them.
|
2022-12-09 19:47:03 +01:00
|
|
|
func (request *Request) ExecuteWithResults(input *contextargs.Context, metadata, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
|
2023-11-02 16:38:20 +03:00
|
|
|
if request.SelfContained {
|
|
|
|
|
url, err := extractBaseURLFromActions(request.Steps)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
input = contextargs.NewWithInput(url)
|
|
|
|
|
}
|
|
|
|
|
|
2022-02-24 12:31:08 +05:30
|
|
|
if request.options.Browser.UserAgent() == "" {
|
|
|
|
|
request.options.Browser.SetUserAgent(request.compiledUserAgent)
|
|
|
|
|
}
|
2022-04-01 23:12:02 +05:30
|
|
|
|
2023-05-02 23:49:56 +05:30
|
|
|
vars := protocolutils.GenerateVariablesWithContextArgs(input, false)
|
2022-05-27 18:01:56 +02:00
|
|
|
payloads := generators.BuildPayloadFromOptions(request.options.Options)
|
2023-06-09 19:52:56 +05:30
|
|
|
// add templatecontext variables to varMap
|
2024-01-18 05:53:42 +05:30
|
|
|
values := generators.MergeMaps(vars, metadata, payloads)
|
|
|
|
|
if request.options.HasTemplateCtx(input.MetaInput) {
|
|
|
|
|
values = generators.MergeMaps(values, request.options.GetTemplateCtx(input.MetaInput).GetAll())
|
|
|
|
|
}
|
2022-05-27 18:01:56 +02:00
|
|
|
variablesMap := request.options.Variables.Evaluate(values)
|
2023-05-25 18:32:35 +02:00
|
|
|
payloads = generators.MergeMaps(variablesMap, payloads, request.options.Constants)
|
2022-04-01 23:12:02 +05:30
|
|
|
|
2022-12-19 19:52:17 +05:30
|
|
|
// check for operator matches by wrapping callback
|
|
|
|
|
gotmatches := false
|
|
|
|
|
wrappedCallback := func(results *output.InternalWrappedEvent) {
|
|
|
|
|
callback(results)
|
|
|
|
|
if results != nil && results.OperatorsResult != nil {
|
|
|
|
|
gotmatches = results.OperatorsResult.Matched
|
|
|
|
|
}
|
|
|
|
|
}
|
2023-06-09 05:50:44 +05:30
|
|
|
// verify if fuzz elaboration was requested
|
|
|
|
|
if len(request.Fuzzing) > 0 {
|
2023-06-26 19:25:51 +02:00
|
|
|
return request.executeFuzzingRule(input, payloads, previous, wrappedCallback)
|
2023-06-09 05:50:44 +05:30
|
|
|
}
|
2022-02-04 11:43:42 +01:00
|
|
|
if request.generator != nil {
|
|
|
|
|
iterator := request.generator.NewIterator()
|
|
|
|
|
for {
|
|
|
|
|
value, ok := iterator.Value()
|
|
|
|
|
if !ok {
|
|
|
|
|
break
|
|
|
|
|
}
|
2022-12-19 19:52:17 +05:30
|
|
|
if gotmatches && (request.StopAtFirstMatch || request.options.Options.StopAtFirstMatch || request.options.StopAtFirstMatch) {
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2022-02-04 11:43:42 +01:00
|
|
|
value = generators.MergeMaps(value, payloads)
|
2023-06-26 19:25:51 +02:00
|
|
|
if err := request.executeRequestWithPayloads(input, value, previous, wrappedCallback); err != nil {
|
2022-02-04 11:43:42 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} else {
|
2022-12-20 21:59:28 +01:00
|
|
|
value := maps.Clone(payloads)
|
2023-06-26 19:25:51 +02:00
|
|
|
if err := request.executeRequestWithPayloads(input, value, previous, wrappedCallback); err != nil {
|
2022-02-04 11:43:42 +01:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
|
2023-11-02 16:38:20 +03:00
|
|
|
// This function extracts the base URL from actions.
|
|
|
|
|
func extractBaseURLFromActions(steps []*engine.Action) (string, error) {
|
|
|
|
|
for _, action := range steps {
|
|
|
|
|
if action.ActionType.ActionType == engine.ActionNavigate {
|
|
|
|
|
navigateURL := action.GetArg("url")
|
|
|
|
|
url, err := urlutil.Parse(navigateURL)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return "", errors.Errorf("could not parse URL '%s': %s", navigateURL, err.Error())
|
|
|
|
|
}
|
|
|
|
|
return fmt.Sprintf("%s://%s", url.Scheme, url.Host), nil
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return "", errors.New("no navigation action found")
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-26 19:25:51 +02:00
|
|
|
func (request *Request) executeRequestWithPayloads(input *contextargs.Context, payloads map[string]interface{}, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
|
2021-10-01 14:30:04 +03:00
|
|
|
instance, err := request.options.Browser.NewInstance()
|
2021-02-21 16:31:34 +05:30
|
|
|
if err != nil {
|
2023-06-26 19:25:51 +02:00
|
|
|
request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, request.Type().String(), err)
|
2021-10-01 14:30:04 +03:00
|
|
|
request.options.Progress.IncrementFailedRequestsBy(1)
|
2023-01-05 12:56:18 +01:00
|
|
|
return errors.Wrap(err, errCouldGetHtmlElement)
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
|
|
|
|
defer instance.Close()
|
|
|
|
|
|
2022-11-01 20:28:50 +05:30
|
|
|
if vardump.EnableVarDump {
|
2023-10-13 13:17:27 +05:30
|
|
|
gologger.Debug().Msgf("Headless Protocol request variables: \n%s\n", vardump.DumpVariables(payloads))
|
2022-08-25 15:37:03 +05:30
|
|
|
}
|
|
|
|
|
|
2022-01-31 08:52:36 +01:00
|
|
|
instance.SetInteractsh(request.options.Interactsh)
|
|
|
|
|
|
2023-06-26 19:25:51 +02:00
|
|
|
if _, err := url.Parse(input.MetaInput.Input); err != nil {
|
|
|
|
|
request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, request.Type().String(), err)
|
2021-10-01 14:30:04 +03:00
|
|
|
request.options.Progress.IncrementFailedRequestsBy(1)
|
2023-01-05 12:56:18 +01:00
|
|
|
return errors.Wrap(err, errCouldGetHtmlElement)
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
2023-06-26 19:25:51 +02:00
|
|
|
options := &engine.Options{
|
2023-11-18 10:32:10 +03:00
|
|
|
Timeout: time.Duration(request.options.Options.PageTimeout) * time.Second,
|
|
|
|
|
DisableCookie: request.DisableCookie,
|
|
|
|
|
Options: request.options.Options,
|
2023-06-26 19:25:51 +02:00
|
|
|
}
|
|
|
|
|
|
2023-11-18 10:32:10 +03:00
|
|
|
if !options.DisableCookie && input.CookieJar == nil {
|
|
|
|
|
return errors.New("cookie reuse enabled but cookie-jar is nil")
|
2023-06-26 19:25:51 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
out, page, err := instance.Run(input, request.Steps, payloads, options)
|
2021-02-21 16:31:34 +05:30
|
|
|
if err != nil {
|
2023-06-26 19:25:51 +02:00
|
|
|
request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, request.Type().String(), err)
|
2021-10-01 14:30:04 +03:00
|
|
|
request.options.Progress.IncrementFailedRequestsBy(1)
|
2023-01-05 12:56:18 +01:00
|
|
|
return errors.Wrap(err, errCouldGetHtmlElement)
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
|
|
|
|
defer page.Close()
|
|
|
|
|
|
2023-07-28 19:28:20 +05:30
|
|
|
reqLog := instance.GetRequestLog()
|
|
|
|
|
navigatedURL := request.getLastNavigationURLWithLog(reqLog) // also known as matchedURL if there is a match
|
|
|
|
|
|
2023-06-26 19:25:51 +02:00
|
|
|
request.options.Output.Request(request.options.TemplatePath, input.MetaInput.Input, request.Type().String(), nil)
|
2021-10-01 14:30:04 +03:00
|
|
|
request.options.Progress.IncrementRequests()
|
2023-07-28 19:28:20 +05:30
|
|
|
gologger.Verbose().Msgf("Sent Headless request to %s", navigatedURL)
|
2021-02-21 16:31:34 +05:30
|
|
|
|
|
|
|
|
reqBuilder := &strings.Builder{}
|
2022-12-20 13:00:34 +01:00
|
|
|
if request.options.Options.Debug || request.options.Options.DebugRequests || request.options.Options.DebugResponse {
|
2023-07-28 19:28:20 +05:30
|
|
|
gologger.Info().Msgf("[%s] Dumped Headless request for %s", request.options.TemplateID, navigatedURL)
|
2021-02-21 16:31:34 +05:30
|
|
|
|
2021-10-01 14:30:04 +03:00
|
|
|
for _, act := range request.Steps {
|
2023-07-28 19:28:20 +05:30
|
|
|
if act.ActionType.ActionType == engine.ActionNavigate {
|
|
|
|
|
value := act.GetArg("url")
|
|
|
|
|
if reqLog[value] != "" {
|
|
|
|
|
reqBuilder.WriteString(fmt.Sprintf("\tnavigate => %v\n", reqLog[value]))
|
|
|
|
|
} else {
|
|
|
|
|
reqBuilder.WriteString(fmt.Sprintf("%v not found in %v\n", value, reqLog))
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
actStepStr := act.String()
|
|
|
|
|
reqBuilder.WriteString("\t" + actStepStr + "\n")
|
|
|
|
|
}
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
2022-12-20 13:00:34 +01:00
|
|
|
gologger.Debug().Msgf(reqBuilder.String())
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
|
|
|
|
|
2021-10-01 14:24:45 +03:00
|
|
|
var responseBody string
|
2021-02-21 16:31:34 +05:30
|
|
|
html, err := page.Page().Element("html")
|
|
|
|
|
if err == nil {
|
2021-10-01 14:24:45 +03:00
|
|
|
responseBody, _ = html.HTML()
|
2021-02-21 16:31:34 +05:30
|
|
|
}
|
2022-01-31 08:52:36 +01:00
|
|
|
|
2023-11-02 16:38:20 +03:00
|
|
|
outputEvent := request.responseToDSLMap(responseBody, out["header"], out["status_code"], reqBuilder.String(), input.MetaInput.Input, navigatedURL, page.DumpHistory())
|
2023-06-09 19:52:56 +05:30
|
|
|
// add response fields to template context and merge templatectx variables to output event
|
2023-08-31 18:03:01 +05:30
|
|
|
request.options.AddTemplateVars(input.MetaInput, request.Type(), request.ID, outputEvent)
|
2024-01-18 05:53:42 +05:30
|
|
|
if request.options.HasTemplateCtx(input.MetaInput) {
|
|
|
|
|
outputEvent = generators.MergeMaps(outputEvent, request.options.GetTemplateCtx(input.MetaInput).GetAll())
|
|
|
|
|
}
|
2021-02-21 16:31:34 +05:30
|
|
|
for k, v := range out {
|
|
|
|
|
outputEvent[k] = v
|
|
|
|
|
}
|
2022-04-02 02:14:00 +05:30
|
|
|
for k, v := range payloads {
|
|
|
|
|
outputEvent[k] = v
|
|
|
|
|
}
|
2021-02-21 16:31:34 +05:30
|
|
|
|
2022-01-31 08:52:36 +01:00
|
|
|
var event *output.InternalWrappedEvent
|
|
|
|
|
if len(page.InteractshURLs) == 0 {
|
2022-02-04 11:43:42 +01:00
|
|
|
event = eventcreator.CreateEvent(request, outputEvent, request.options.Options.Debug || request.options.Options.DebugResponse)
|
2022-01-31 08:52:36 +01:00
|
|
|
callback(event)
|
|
|
|
|
} else if request.options.Interactsh != nil {
|
|
|
|
|
event = &output.InternalWrappedEvent{InternalEvent: outputEvent}
|
|
|
|
|
request.options.Interactsh.RequestEvent(page.InteractshURLs, &interactsh.RequestData{
|
|
|
|
|
MakeResultFunc: request.MakeResultEvent,
|
|
|
|
|
Event: event,
|
|
|
|
|
Operators: request.CompiledOperators,
|
|
|
|
|
MatchFunc: request.Match,
|
|
|
|
|
ExtractFunc: request.Extract,
|
|
|
|
|
})
|
|
|
|
|
}
|
|
|
|
|
if len(page.InteractshURLs) > 0 {
|
|
|
|
|
event.UsesInteractsh = true
|
|
|
|
|
}
|
2021-10-01 14:24:45 +03:00
|
|
|
|
2023-06-26 19:25:51 +02:00
|
|
|
dumpResponse(event, request.options, responseBody, input.MetaInput.Input)
|
2021-09-29 19:43:46 +03:00
|
|
|
return nil
|
|
|
|
|
}
|
2021-10-30 13:17:47 +03:00
|
|
|
|
2023-05-31 16:58:10 -04:00
|
|
|
func dumpResponse(event *output.InternalWrappedEvent, requestOptions *protocols.ExecutorOptions, responseBody string, input string) {
|
2021-11-01 20:45:54 +02:00
|
|
|
cliOptions := requestOptions.Options
|
|
|
|
|
if cliOptions.Debug || cliOptions.DebugResponse {
|
|
|
|
|
highlightedResponse := responsehighlighter.Highlight(event.OperatorsResult, responseBody, cliOptions.NoColor, false)
|
|
|
|
|
gologger.Debug().Msgf("[%s] Dumped Headless response for %s\n\n%s", requestOptions.TemplateID, input, highlightedResponse)
|
2021-10-30 13:17:47 +03:00
|
|
|
}
|
|
|
|
|
}
|
2023-06-09 05:50:44 +05:30
|
|
|
|
|
|
|
|
// executeFuzzingRule executes a fuzzing rule in the template request
|
2023-06-26 19:25:51 +02:00
|
|
|
func (request *Request) executeFuzzingRule(input *contextargs.Context, payloads map[string]interface{}, previous output.InternalEvent, callback protocols.OutputEventCallback) error {
|
2023-06-09 05:50:44 +05:30
|
|
|
// check for operator matches by wrapping callback
|
|
|
|
|
gotmatches := false
|
|
|
|
|
fuzzRequestCallback := func(gr fuzz.GeneratedRequest) bool {
|
|
|
|
|
if gotmatches && (request.StopAtFirstMatch || request.options.Options.StopAtFirstMatch || request.options.StopAtFirstMatch) {
|
|
|
|
|
return true
|
|
|
|
|
}
|
2023-06-26 19:25:51 +02:00
|
|
|
newInput := input.Clone()
|
|
|
|
|
newInput.MetaInput.Input = gr.Request.URL.String()
|
|
|
|
|
if err := request.executeRequestWithPayloads(newInput, gr.DynamicValues, previous, callback); err != nil {
|
2023-06-09 05:50:44 +05:30
|
|
|
return false
|
|
|
|
|
}
|
|
|
|
|
return true
|
|
|
|
|
}
|
|
|
|
|
|
2023-06-26 19:25:51 +02:00
|
|
|
if _, err := urlutil.Parse(input.MetaInput.Input); err != nil {
|
2023-06-09 05:50:44 +05:30
|
|
|
return errors.Wrap(err, "could not parse url")
|
|
|
|
|
}
|
2023-09-18 21:31:32 +03:00
|
|
|
baseRequest, err := retryablehttp.NewRequest("GET", input.MetaInput.Input, nil)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "could not create base request")
|
|
|
|
|
}
|
2023-06-09 05:50:44 +05:30
|
|
|
for _, rule := range request.Fuzzing {
|
|
|
|
|
err := rule.Execute(&fuzz.ExecuteRuleInput{
|
2023-06-26 19:25:51 +02:00
|
|
|
Input: input,
|
2023-06-09 05:50:44 +05:30
|
|
|
Callback: fuzzRequestCallback,
|
|
|
|
|
Values: payloads,
|
2023-09-18 21:31:32 +03:00
|
|
|
BaseRequest: baseRequest,
|
2023-06-09 05:50:44 +05:30
|
|
|
})
|
2023-07-13 00:51:06 +05:30
|
|
|
if err == types.ErrNoMoreRequests {
|
2023-06-09 05:50:44 +05:30
|
|
|
return nil
|
|
|
|
|
}
|
|
|
|
|
if err != nil {
|
|
|
|
|
return errors.Wrap(err, "could not execute rule")
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return nil
|
|
|
|
|
}
|
2023-07-28 19:28:20 +05:30
|
|
|
|
2023-08-01 14:33:43 -04:00
|
|
|
// getLastNavigationURL returns last successfully navigated URL
|
2023-07-28 19:28:20 +05:30
|
|
|
func (request *Request) getLastNavigationURLWithLog(reqLog map[string]string) string {
|
|
|
|
|
for i := len(request.Steps) - 1; i >= 0; i-- {
|
|
|
|
|
if request.Steps[i].ActionType.ActionType == engine.ActionNavigate {
|
|
|
|
|
templateURL := request.Steps[i].GetArg("url")
|
|
|
|
|
if reqLog[templateURL] != "" {
|
|
|
|
|
return reqLog[templateURL]
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return ""
|
|
|
|
|
}
|
