External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 21:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #129 from dwisiswant0/improves-raw-requests

Browse Source 
Improvements HTTP RAW Requests
This commit is contained in:
Ice3man 2020-07-12 06:39:43 -07:00 committed by GitHub
commit d72b57e857
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 39 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
v2/pkg/requests/http-request.go
View File

@ -174,21 +174,12 @@ func (r *HTTPRequest) handleSimpleRaw(raw string, baseURL string, values map[str
// Replace the dynamic variables in the request if any // Replace the dynamic variables in the request if any
raw = replacer.Replace(raw) raw = replacer.Replace(raw)
compiledRequest, err := r.parseRawRequest(raw) compiledRequest, err := r.parseRawRequest(raw, baseURL)
if err != nil { if err != nil {
return &CompiledHTTP{Request: nil, Error: err, Meta: nil} return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
} }
// requests generated from http.ReadRequest have incorrect RequestURI, so they req, err := http.NewRequest(compiledRequest.Method, compiledRequest.FullURL, strings.NewReader(compiledRequest.Data))
// cannot be used to perform another request directly, we need to generate a new one
// with the new target url
var finalURL string
if compiledRequest.Path != "?" {
finalURL = fmt.Sprintf("%s%s", baseURL, compiledRequest.Path)
} else {
finalURL = baseURL
}
req, err := http.NewRequest(compiledRequest.Method, finalURL, strings.NewReader(compiledRequest.Data))
if err != nil { if err != nil {
return &CompiledHTTP{Request: nil, Error: err, Meta: nil} return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
} }
@ -238,21 +229,12 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
dynamicReplacer := newReplacer(dynamicValues) dynamicReplacer := newReplacer(dynamicValues)
raw = dynamicReplacer.Replace(raw) raw = dynamicReplacer.Replace(raw)
compiledRequest, err := r.parseRawRequest(raw) compiledRequest, err := r.parseRawRequest(raw, baseURL)
if err != nil { if err != nil {
return &CompiledHTTP{Request: nil, Error: err, Meta: nil} return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
} }
// requests generated from http.ReadRequest have incorrect RequestURI, so they req, err := http.NewRequest(compiledRequest.Method, compiledRequest.FullURL, strings.NewReader(compiledRequest.Data))
// cannot be used to perform another request directly, we need to generate a new one
// with the new target url
var finalURL string
if compiledRequest.Path != "?" {
finalURL = fmt.Sprintf("%s%s", baseURL, compiledRequest.Path)
} else {
finalURL = baseURL
}
req, err := http.NewRequest(compiledRequest.Method, finalURL, strings.NewReader(compiledRequest.Data))
if err != nil { if err != nil {
return &CompiledHTTP{Request: nil, Error: err, Meta: nil} return &CompiledHTTP{Request: nil, Error: err, Meta: nil}
} }
@ -273,13 +255,8 @@ func (r *HTTPRequest) handleRawWithPaylods(raw string, baseURL string, values, g
func (r *HTTPRequest) fillRequest(req *http.Request, values map[string]interface{}) (*retryablehttp.Request, error) { func (r *HTTPRequest) fillRequest(req *http.Request, values map[string]interface{}) (*retryablehttp.Request, error) {
req.Header.Set("Connection", "close") req.Header.Set("Connection", "close")
req.Close = true req.Close = true
// raw requests are left untouched
if len(r.Raw) > 0 {
return retryablehttp.FromRequest(req)
}
replacer := newReplacer(values) replacer := newReplacer(values)
// Check if the user requested a request body // Check if the user requested a request body
if r.Body != "" { if r.Body != "" {
req.Body = ioutil.NopCloser(strings.NewReader(r.Body)) req.Body = ioutil.NopCloser(strings.NewReader(r.Body))
@ -295,6 +272,11 @@ func (r *HTTPRequest) fillRequest(req *http.Request, values map[string]interface
req.Header.Set("User-Agent", "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)") req.Header.Set("User-Agent", "Nuclei - Open-source project (github.com/projectdiscovery/nuclei)")
} }
// raw requests are left untouched
if len(r.Raw) > 0 {
return retryablehttp.FromRequest(req)
}
if _, ok := req.Header["Accept"]; !ok { if _, ok := req.Header["Accept"]; !ok {
req.Header.Set("Accept", "*/*") req.Header.Set("Accept", "*/*")
} }
@ -327,6 +309,7 @@ func (c *CustomHeaders) Set(value string) error {
} }
type compiledRawRequest struct { type compiledRawRequest struct {
FullURL string
Method string Method string
Path string Path string
Data string Data string
@ -334,7 +317,7 @@ type compiledRawRequest struct {
} }
// parseRawRequest parses the raw request as supplied by the user // parseRawRequest parses the raw request as supplied by the user
func (r *HTTPRequest) parseRawRequest(request string) (*compiledRawRequest, error) { func (r *HTTPRequest) parseRawRequest(request string, baseURL string) (*compiledRawRequest, error) {
reader := bufio.NewReader(strings.NewReader(request)) reader := bufio.NewReader(strings.NewReader(request))
rawRequest := compiledRawRequest{ rawRequest := compiledRawRequest{
@ -385,6 +368,33 @@ func (r *HTTPRequest) parseRawRequest(request string) (*compiledRawRequest, erro
rawRequest.Path = parts[1] rawRequest.Path = parts[1]
} }
// If raw request doesn't have a Host header and/ path,
// this will be generated from the parsed baseURL
parsedURL, err := url.Parse(baseURL)
if err != nil {
return nil, fmt.Errorf("could not parse request URL: %s", err)
}
var hostURL string
if len(rawRequest.Headers["Host"]) == 0 {
hostURL = parsedURL.Host
} else {
hostURL = rawRequest.Headers["Host"]
}
if len(rawRequest.Path) == 0 {
rawRequest.Path = parsedURL.Path
} else {
// requests generated from http.ReadRequest have incorrect RequestURI, so they
// cannot be used to perform another request directly, we need to generate a new one
// with the new target url
if strings.HasPrefix(rawRequest.Path, "?") {
rawRequest.Path = fmt.Sprintf("%s%s", parsedURL.Path, rawRequest.Path)
}
}
rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, hostURL, rawRequest.Path)
// Set the request body // Set the request body
b, err := ioutil.ReadAll(reader) b, err := ioutil.ReadAll(reader)
if err != nil { if err != nil {