diff --git a/SYNTAX-REFERENCE.md b/SYNTAX-REFERENCE.md
index 5aa3f10a4..c55ea94ee 100755
--- a/SYNTAX-REFERENCE.md
+++ b/SYNTAX-REFERENCE.md
@@ -1390,12 +1390,12 @@ Valid values:
-cookie-reuse bool
+disable-cookie bool
-CookieReuse is an optional setting that enables cookie reuse for
+DisableCookie is an optional setting that disables cookie reuse for
all requests defined in raw section.
@@ -2881,12 +2881,12 @@ Fuzzing describes schema to fuzz headless requests
-cookie-reuse bool
+disable-cookie bool
-CookieReuse is an optional setting that enables cookie reuse
+DisableCookie is an optional setting that disables cookie reuse
diff --git a/integration_tests/protocols/http/raw-cookie-reuse.yaml b/integration_tests/protocols/http/raw-cookie-reuse.yaml
index d680ad295..009431ca4 100644
--- a/integration_tests/protocols/http/raw-cookie-reuse.yaml
+++ b/integration_tests/protocols/http/raw-cookie-reuse.yaml
@@ -1,6 +1,6 @@
id: cookiereuse-raw-example
info:
- name: Test CookieReuse RAW Template
+ name: Test Cookie Reuse RAW Template
author: pdteam
severity: info
@@ -27,7 +27,6 @@ requests:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Language: en-US,en;q=0.9
- cookie-reuse: true
matchers:
- type: word
words:
diff --git a/integration_tests/protocols/http/raw-dynamic-extractor.yaml b/integration_tests/protocols/http/raw-dynamic-extractor.yaml
index d576be458..4e10205d8 100644
--- a/integration_tests/protocols/http/raw-dynamic-extractor.yaml
+++ b/integration_tests/protocols/http/raw-dynamic-extractor.yaml
@@ -36,7 +36,6 @@ requests:
regex:
- "Token: '([A-Za-z0-9]+)'"
- cookie-reuse: true
matchers:
- type: word
words:
diff --git a/integration_tests/workflow/headless-1.yaml b/integration_tests/workflow/headless-1.yaml
index 2a5895316..dfc297d43 100644
--- a/integration_tests/workflow/headless-1.yaml
+++ b/integration_tests/workflow/headless-1.yaml
@@ -6,8 +6,7 @@ info:
tags: headless
headless:
- - cookie-reuse: true
- steps:
+ - steps:
- action: navigate
args:
url: "{{BaseURL}}/headless1"
diff --git a/integration_tests/workflow/http-1.yaml b/integration_tests/workflow/http-1.yaml
index cdebddf3d..e65d52fbb 100644
--- a/integration_tests/workflow/http-1.yaml
+++ b/integration_tests/workflow/http-1.yaml
@@ -8,5 +8,4 @@ info:
http:
- method: GET
path:
- - "{{BaseURL}}/http1"
- cookie-reuse: true
\ No newline at end of file
+ - "{{BaseURL}}/http1"
\ No newline at end of file
diff --git a/integration_tests/workflow/http-2.yaml b/integration_tests/workflow/http-2.yaml
index e5000e056..d4e6f52d0 100644
--- a/integration_tests/workflow/http-2.yaml
+++ b/integration_tests/workflow/http-2.yaml
@@ -8,5 +8,4 @@ info:
http:
- method: GET
path:
- - "{{BaseURL}}/http2"
- cookie-reuse: true
\ No newline at end of file
+ - "{{BaseURL}}/http2"
\ No newline at end of file
diff --git a/integration_tests/workflow/http-3.yaml b/integration_tests/workflow/http-3.yaml
index 230408dd7..82655e38a 100644
--- a/integration_tests/workflow/http-3.yaml
+++ b/integration_tests/workflow/http-3.yaml
@@ -8,5 +8,4 @@ info:
http:
- method: GET
path:
- - "{{BaseURL}}/http3"
- cookie-reuse: true
\ No newline at end of file
+ - "{{BaseURL}}/http3"
\ No newline at end of file
diff --git a/pkg/protocols/headless/engine/page.go b/pkg/protocols/headless/engine/page.go
index 0df4d9ab9..7e2bb37bb 100644
--- a/pkg/protocols/headless/engine/page.go
+++ b/pkg/protocols/headless/engine/page.go
@@ -39,9 +39,9 @@ type HistoryData struct {
// Options contains additional configuration options for the browser instance
type Options struct {
- Timeout time.Duration
- CookieReuse bool
- Options *types.Options
+ Timeout time.Duration
+ DisableCookie bool
+ Options *types.Options
}
// Run runs a list of actions by creating a new page in the browser.
@@ -108,7 +108,7 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
return nil, nil, err
}
- if options.CookieReuse {
+ if !options.DisableCookie {
if cookies := input.CookieJar.Cookies(URL); len(cookies) > 0 {
var NetworkCookies []*proto.NetworkCookie
for _, cookie := range cookies {
@@ -141,9 +141,9 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
return nil, nil, err
}
- if options.CookieReuse {
+ if !options.DisableCookie {
// at the end of actions pull out updated cookies from the browser and inject them into the shared cookie jar
- if cookies, err := page.Cookies([]string{URL.String()}); options.CookieReuse && err == nil && len(cookies) > 0 {
+ if cookies, err := page.Cookies([]string{URL.String()}); !options.DisableCookie && err == nil && len(cookies) > 0 {
var httpCookies []*http.Cookie
for _, cookie := range cookies {
httpCookie := &http.Cookie{
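Review bot: The inner condition on the `page.Cookies` line repeats `!options.DisableCookie`, which the enclosing `if` has already established, so it can be dropped: `if cookies, err := page.Cookies([]string{URL.String()}); err == nil && len(cookies) > 0 {`. The same line silently discards a non-nil `err`. Because cookie write-back is now the default path, a failure here means later requests run with stale session state and nothing records why; a debug-level log in an `else if err != nil` branch would make that visible. The body of Run continues outside the hunk.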
diff --git a/pkg/protocols/headless/engine/rules.go b/pkg/protocols/headless/engine/rules.go
index a3b302c49..15cbc6861 100644
--- a/pkg/protocols/headless/engine/rules.go
+++ b/pkg/protocols/headless/engine/rules.go
@@ -37,7 +37,7 @@ func (p *Page) routingRuleHandler(ctx *rod.Hijack) {
}
}
- if p.options.CookieReuse {
+ if !p.options.DisableCookie {
// each http request is performed via the native go http client
// we first inject the shared cookies
if cookies := p.input.CookieJar.Cookies(ctx.Request.URL()); len(cookies) > 0 {
@@ -48,7 +48,7 @@ func (p *Page) routingRuleHandler(ctx *rod.Hijack) {
// perform the request
_ = ctx.LoadResponse(p.instance.browser.httpclient, true)
- if p.options.CookieReuse {
+ if !p.options.DisableCookie {
// retrieve the updated cookies from the native http client and inject them into the shared cookie jar
// keeps existing one if not present
if cookies := p.instance.browser.httpclient.Jar.Cookies(ctx.Request.URL()); len(cookies) > 0 {
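Review bot: `p.instance.browser.httpclient.Jar.Cookies(...)` is called without checking that `Jar` is set, and after this change the line runs for every hijacked request unless the template opts out, where before it ran only for templates that set cookie-reuse. How the browser's http client is constructed is not visible in this diff, so confirm it always carries a jar or guard the access: `if jar := p.instance.browser.httpclient.Jar; jar != nil {`. The same applies to `p.input.CookieJar` in the hunk above at line 37, where a nil jar would panic inside the hijack handler rather than surface as an error. routingRuleHandler continues outside both hunks.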
diff --git a/pkg/protocols/headless/headless.go b/pkg/protocols/headless/headless.go
index f40647994..b178239c5 100644
--- a/pkg/protocols/headless/headless.go
+++ b/pkg/protocols/headless/headless.go
@@ -65,7 +65,12 @@ type Request struct {
// description: |
// CookieReuse is an optional setting that enables cookie reuse
+ // Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
CookieReuse bool `yaml:"cookie-reuse,omitempty" json:"cookie-reuse,omitempty" jsonschema:"title=optional cookie reuse enable,description=Optional setting that enables cookie reuse"`
+
+ // description: |
+ // DisableCookie is an optional setting that disables cookie reuse
+ DisableCookie bool `yaml:"disable-cookie,omitempty" json:"disable-cookie,omitempty" jsonschema:"title=optional disable cookie reuse,description=Optional setting that disables cookie reuse"`
}
// RequestPartDefinitions contains a mapping of request part definitions and their
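Review bot: `CookieReuse` stays in the struct so old templates still parse, but nothing in the visible hunks reads it any more, so a template that relied on the old default (no cookie jar) now carries cookies between its requests without any signal. That matters for templates that authenticate in one request and then check an endpoint expected to be reachable only without a session, because their result can change silently after upgrade. Consider warning once at compile time when `cookie-reuse` is present, and make the comment explicit: `// Deprecated: ignored since cookie reuse became the default; set disable-cookie: true to opt out.` The same applies to the matching field in pkg/protocols/http/http.go, where the new `DisableCookie` description also drops the "for all requests defined in raw section" qualifier that the old one carried.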
diff --git a/pkg/protocols/headless/request.go b/pkg/protocols/headless/request.go
index e09583e6e..cfd4491fc 100644
--- a/pkg/protocols/headless/request.go
+++ b/pkg/protocols/headless/request.go
@@ -130,13 +130,13 @@ func (request *Request) executeRequestWithPayloads(input *contextargs.Context, p
return errors.Wrap(err, errCouldGetHtmlElement)
}
options := &engine.Options{
- Timeout: time.Duration(request.options.Options.PageTimeout) * time.Second,
- CookieReuse: request.CookieReuse,
- Options: request.options.Options,
+ Timeout: time.Duration(request.options.Options.PageTimeout) * time.Second,
+ DisableCookie: request.DisableCookie,
+ Options: request.options.Options,
}
- if options.CookieReuse && input.CookieJar == nil {
- return errors.New("cookie-reuse set but cookie-jar is nil")
+ if !options.DisableCookie && input.CookieJar == nil {
+ return errors.New("cookie reuse enabled but cookie-jar is nil")
}
out, page, err := instance.Run(input, request.Steps, payloads, options)
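Review bot: The nil-jar check now fails every headless request whose input has no cookie jar, because `!options.DisableCookie` is true for any template that does not opt out; before, only templates that set cookie-reuse could reach it. Whether every caller populates `input.CookieJar` is not visible here, so library users who build the context themselves may start seeing this error on upgrade. If a missing jar should degrade rather than abort, `if input.CookieJar == nil { options.DisableCookie = true }` before the call to `instance.Run` keeps those callers working. Otherwise the error text should name the remedy, e.g. `"cookie jar is nil; provide a jar or set disable-cookie: true"`. executeRequestWithPayloads continues outside the hunk.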
diff --git a/pkg/protocols/http/cluster.go b/pkg/protocols/http/cluster.go
index d2d37190c..383981745 100644
--- a/pkg/protocols/http/cluster.go
+++ b/pkg/protocols/http/cluster.go
@@ -16,7 +16,7 @@ func (request *Request) CanCluster(other *Request) bool {
}
if request.Method != other.Method ||
request.MaxRedirects != other.MaxRedirects ||
- request.CookieReuse != other.CookieReuse ||
+ request.DisableCookie != other.DisableCookie ||
request.Redirects != other.Redirects {
return false
}
diff --git a/pkg/protocols/http/http.go b/pkg/protocols/http/http.go
index 5b61ff094..568688ac2 100644
--- a/pkg/protocols/http/http.go
+++ b/pkg/protocols/http/http.go
@@ -146,7 +146,13 @@ type Request struct {
// description: |
// CookieReuse is an optional setting that enables cookie reuse for
// all requests defined in raw section.
+ // Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
CookieReuse bool `yaml:"cookie-reuse,omitempty" json:"cookie-reuse,omitempty" jsonschema:"title=optional cookie reuse enable,description=Optional setting that enables cookie reuse"`
+
+ // description: |
+ // DisableCookie is an optional setting that disables cookie reuse
+ DisableCookie bool `yaml:"disable-cookie,omitempty" json:"disable-cookie,omitempty" jsonschema:"title=optional disable cookie reuse,description=Optional setting that disables cookie reuse"`
+
// description: |
// Enables force reading of the entire raw unsafe request body ignoring
// any specified content length headers.
@@ -247,10 +253,10 @@ func (request *Request) Compile(options *protocols.ExecutorOptions) error {
}
connectionConfiguration := &httpclientpool.Configuration{
- Threads: request.Threads,
- MaxRedirects: request.MaxRedirects,
- NoTimeout: false,
- CookieReuse: request.CookieReuse,
+ Threads: request.Threads,
+ MaxRedirects: request.MaxRedirects,
+ NoTimeout: false,
+ DisableCookie: request.DisableCookie,
Connection: &httpclientpool.ConnectionConfiguration{
DisableKeepAlive: httputil.ShouldDisableKeepAlive(options.Options),
},
diff --git a/pkg/protocols/http/httpclientpool/clientpool.go b/pkg/protocols/http/httpclientpool/clientpool.go
index aeaa9a214..1560e787a 100644
--- a/pkg/protocols/http/httpclientpool/clientpool.go
+++ b/pkg/protocols/http/httpclientpool/clientpool.go
@@ -95,8 +95,8 @@ type Configuration struct {
MaxRedirects int
// NoTimeout disables http request timeout for context based usage
NoTimeout bool
- // CookieReuse enables cookie reuse for the http client (cookiejar impl)
- CookieReuse bool
+ // DisableCookie disables cookie reuse for the http client (cookiejar impl)
+ DisableCookie bool
// FollowRedirects specifies the redirects flow
RedirectFlow RedirectFlow
// Connection defines custom connection configuration
@@ -116,7 +116,7 @@ func (c *Configuration) Hash() string {
builder.WriteString("f")
builder.WriteString(strconv.Itoa(int(c.RedirectFlow)))
builder.WriteString("r")
- builder.WriteString(strconv.FormatBool(c.CookieReuse))
+ builder.WriteString(strconv.FormatBool(c.DisableCookie))
builder.WriteString("c")
builder.WriteString(strconv.FormatBool(c.Connection != nil))
hash := builder.String()
@@ -125,7 +125,7 @@ func (c *Configuration) Hash() string {
// HasStandardOptions checks whether the configuration requires custom settings
func (c *Configuration) HasStandardOptions() bool {
- return c.Threads == 0 && c.MaxRedirects == 0 && c.RedirectFlow == DontFollowRedirect && !c.CookieReuse && c.Connection == nil && !c.NoTimeout
+ return c.Threads == 0 && c.MaxRedirects == 0 && c.RedirectFlow == DontFollowRedirect && c.DisableCookie && c.Connection == nil && !c.NoTimeout
}
// GetRawHTTP returns the rawhttp request client
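Review bot: `HasStandardOptions` now returns false for a zero-value `Configuration`, because `c.DisableCookie` is false by default, so only templates that explicitly set `disable-cookie: true` can take the standard-client path. That is consistent with cookie jars being on by default, but it inverts what a reader expects from a zero value and presumably sends every default request down the custom-client path. The doc comment should say so, e.g. `// HasStandardOptions reports whether the shared default client can be used; a configuration with cookies enabled (the default) is never standard because it needs its own jar.`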
@@ -277,7 +277,7 @@ func wrappedGet(options *types.Options, configuration *Configuration) (*retryabl
var jar *cookiejar.Jar
if configuration.Connection != nil && configuration.Connection.HasCookieJar() {
jar = configuration.Connection.GetCookieJar()
- } else if configuration.CookieReuse {
+ } else if !configuration.DisableCookie {
if jar, err = cookiejar.New(&cookiejar.Options{PublicSuffixList: publicsuffix.List}); err != nil {
return nil, errors.Wrap(err, "could not create cookiejar")
}
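Review bot: With `!configuration.DisableCookie` a new `cookiejar.Jar` is created for every configuration that lacks a connection-level jar, and the `Hash()` lines visible above include no template or target identity, so if clients are cached by that hash (not visible in this hunk) one jar may be shared by unrelated templates. `cookiejar` scopes cookies by domain, which limits cross-host mixing, but session cookies set by one template against a host would then accompany later templates against the same host and could change their results. A comment stating the intended isolation boundary would help, for example `// jar lives as long as the pooled client; per-execution isolation relies on Connection.HasCookieJar()` if that is the design. A test that two templates run against one host do not observe each other's cookies would pin it down. wrappedGet continues outside the hunk.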
diff --git a/pkg/templates/cluster.go b/pkg/templates/cluster.go
index f98f1cd29..219262e1c 100644
--- a/pkg/templates/cluster.go
+++ b/pkg/templates/cluster.go
@@ -32,7 +32,7 @@ import (
//
// Cases where clustering is not performed (request is considered different)
// - If request contains payloads,raw,body,unsafe,req-condition,name attributes
-// - If request methods,max-redirects,cookie-reuse,redirects are not equal
+// - If request methods,max-redirects,disable-cookie,redirects are not equal
// - If request paths aren't identical.
// - If request headers aren't identical
// - Similarly for DNS, only identical DNS requests are clustered to a target.
diff --git a/pkg/testutils/integration.go b/pkg/testutils/integration.go
index 5156291ce..91a5adc10 100644
--- a/pkg/testutils/integration.go
+++ b/pkg/testutils/integration.go
@@ -144,7 +144,7 @@ func RunNucleiArgsWithEnvAndGetResults(debug bool, env []string, extra ...string
cmd.Env = append(os.Environ(), env...)
cmd.Args = append(cmd.Args, extra...)
cmd.Args = append(cmd.Args, "-duc") // disable auto updates
- cmd.Args = append(cmd.Args, "-interactions-poll-duration", "1")
+ cmd.Args = append(cmd.Args, "-interactions-poll-duration", "5")
cmd.Args = append(cmd.Args, "-interactions-cooldown-period", "10")
cmd.Args = append(cmd.Args, "-allow-local-file-access")
if debug {
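Review bot: The `-interactions-poll-duration` value changes from `"1"` to `"5"` with no comment, and the change is unrelated to the cookie option rename in the rest of the commit. With `-interactions-cooldown-period` left at `"10"` on the next line, a less frequent poll leaves fewer polls before the cooldown ends (assuming both values share a unit, which is not stated here), so interaction-based integration tests could become timing-sensitive. A one-line comment giving the actual reason, in the form `// poll every 5 to <reason>`, would explain the new value. The function continues outside the hunk.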