External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-18 09:35:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix unresolved interactsh-url variable with fuzzing (#5289)

Browse Source 
* fix unresolved interactsh variable with fuzzing

* fix variables override with fuzzing
This commit is contained in:
Ramana Reddy 2024-07-26 00:01:05 +05:30 committed by GitHub
parent f930e9a58f
commit 33dbb51505
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkg/fuzz/execute.go
View File

@ -167,9 +167,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera
if rule.options.Interactsh != nil { if rule.options.Interactsh != nil {
// Iterate through the data to replace and evaluate variables with Interactsh URLs // Iterate through the data to replace and evaluate variables with Interactsh URLs
for k, v := range data { for k, v := range data {
value := fmt.Sprint(v)
// Replace variables with Interactsh URLs and collect new URLs // Replace variables with Interactsh URLs and collect new URLs
got, oastUrls := rule.options.Interactsh.Replace(fmt.Sprint(v), interactshUrls) got, oastUrls := rule.options.Interactsh.Replace(value, interactshUrls)
if got != value {
data[k] = got
}
// Append new OAST URLs if any // Append new OAST URLs if any
if len(oastUrls) > 0 { if len(oastUrls) > 0 {
interactshUrls = append(interactshUrls, oastUrls...) interactshUrls = append(interactshUrls, oastUrls...)

4
pkg/fuzz/parts.go
View File

@ -181,9 +181,9 @@ func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp.
// for fuzzing. // for fuzzing.
func (rule *Rule) executeEvaluate(input *ExecuteRuleInput, _, value, payload string, interactshURLs []string) (string, []string) { func (rule *Rule) executeEvaluate(input *ExecuteRuleInput, _, value, payload string, interactshURLs []string) (string, []string) {
// TODO: Handle errors // TODO: Handle errors
values := generators.MergeMaps(input.Values, map[string]interface{}{ values := generators.MergeMaps(rule.options.Variables.GetAll(), map[string]interface{}{
"value": value, "value": value,
}, rule.options.Options.Vars.AsMap(), rule.options.Variables.GetAll()) }, rule.options.Options.Vars.AsMap(), input.Values)
firstpass, _ := expressions.Evaluate(payload, values) firstpass, _ := expressions.Evaluate(payload, values)
interactData, interactshURLs := rule.options.Interactsh.Replace(firstpass, interactshURLs) interactData, interactshURLs := rule.options.Interactsh.Replace(firstpass, interactshURLs)
evaluated, _ := expressions.Evaluate(interactData, values) evaluated, _ := expressions.Evaluate(interactData, values)

2
pkg/protocols/common/interactsh/const.go
View File

@ -8,7 +8,7 @@ import (
var ( var (
defaultInteractionDuration = 60 * time.Second defaultInteractionDuration = 60 * time.Second
interactshURLMarkerRegex = regexp.MustCompile(`{{interactsh-url(?:_[0-9]+){0,3}}}`) interactshURLMarkerRegex = regexp.MustCompile(`(%7[B|b]|\{){2}(interactsh-url(?:_[0-9]+){0,3})(%7[D|d]|\}){2}`)
ErrInteractshClientNotInitialized = errors.New("interactsh client not initialized") ErrInteractshClientNotInitialized = errors.New("interactsh client not initialized")
) )