External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-17 19:55:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed http body decoding with unsafe

Browse Source
This commit is contained in:
Ice3man543 2021-06-15 11:46:02 +05:30
parent f5b9bed40a
commit dbb70c5acc
5 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
integration_tests/http/raw-unsafe-request.yaml
View File

@ -17,4 +17,4 @@ requests:
matchers: matchers:
- type: word - type: word
words: words:
- "This is test-raw-unsafe request matcher." - "This is test raw-unsafe-matcher test"

4
integration_tests/run.sh
View File

@ -2,10 +2,10 @@
cd ../v2/cmd/nuclei cd ../v2/cmd/nuclei
go build go build
cp nuclei ../../../integration_tests/nuclei mv nuclei ../../../integration_tests/nuclei
cd ../integration-test cd ../integration-test
go build go build
cp integration-test ../../../integration_tests/integration-test mv integration-test ../../../integration_tests/integration-test
cd ../../../integration_tests cd ../../../integration_tests
./integration-test ./integration-test
if [ $? -eq 0 ] if [ $? -eq 0 ]

3
v2/cmd/integration-test/http.go
View File

@ -474,8 +474,7 @@ func (h *httpRawUnsafeRequest) Execute(filePath string) error {
ts := testutils.NewTCPServer(func(conn net.Conn) { ts := testutils.NewTCPServer(func(conn net.Conn) {
defer conn.Close() defer conn.Close()
_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test"))
_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 40\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 25 Feb 2021 17:17:28 GMT\r\n\r\nThis is test-raw-unsafe request matcher.\r\n"))
}) })
defer ts.Close() defer ts.Close()

5
v2/pkg/protocols/common/interactsh/interactsh.go
View File

@ -3,6 +3,7 @@ package interactsh
import ( import (
"net/url" "net/url"
"strings" "strings"
"sync/atomic"
"time" "time"
"github.com/karlseguin/ccache" "github.com/karlseguin/ccache"
@ -26,6 +27,7 @@ type Client struct {
// interactions is a stored cache for interactsh-interaction->interactsh-url data // interactions is a stored cache for interactsh-interaction->interactsh-url data
interactions *ccache.Cache interactions *ccache.Cache
generated uint32 // decide to wait if we have a generated url
options *Options options *Options
matched bool matched bool
dotHostname string dotHostname string
@ -157,12 +159,13 @@ func (c *Client) processInteractionForRequest(interaction *server.Interaction, d
// URL returns a new URL that can be interacted with // URL returns a new URL that can be interacted with
func (c *Client) URL() string { func (c *Client) URL() string {
atomic.CompareAndSwapUint32(&c.generated, 0, 1)
return c.interactsh.URL() return c.interactsh.URL()
} }
// Close closes the interactsh clients after waiting for cooldown period. // Close closes the interactsh clients after waiting for cooldown period.
func (c *Client) Close() bool { func (c *Client) Close() bool {
if c.cooldownDuration > 0 { if c.cooldownDuration > 0 && atomic.LoadUint32(&c.generated) == 1 {
time.Sleep(c.cooldownDuration) time.Sleep(c.cooldownDuration)
} }
c.interactsh.StopPolling() c.interactsh.StopPolling()

6
v2/pkg/protocols/http/utils.go
View File

@ -105,11 +105,11 @@ func handleDecompression(resp *http.Response, bodyOrig []byte) (bodyDec []byte,
var reader io.ReadCloser var reader io.ReadCloser
switch resp.Header.Get("Content-Encoding") { switch resp.Header.Get("Content-Encoding") {
case "gzip": case "gzip":
reader, err = gzip.NewReader(resp.Body) reader, err = gzip.NewReader(bytes.NewReader(bodyOrig))
case "deflate": case "deflate":
reader, err = zlib.NewReader(resp.Body) reader, err = zlib.NewReader(bytes.NewReader(bodyOrig))
default: default:
reader = resp.Body return bodyOrig, nil
} }
if err != nil { if err != nil {
return nil, err return nil, err