package main
import (
"net"
"strings"
"github.com/gobwas/ws/wsutil"
"github.com/projectdiscovery/nuclei/v2/pkg/testutils"
)
// websocketTestCases maps each websocket template path to the test case that
// runs it against a local websocket server.
var websocketTestCases = map[string]testutils.TestCase{
	// Echo-style server: replies "world" to "hello".
	"websocket/basic.yaml": &websocketBasic{},
	// Server whose origin check accepts every Origin; one result is expected.
	"websocket/cswsh.yaml": &websocketCswsh{},
	// Server that accepts a single fixed Origin; no result is expected.
	"websocket/no-cswsh.yaml": &websocketNoCswsh{},
	// Same strict origin check, served under the "/test" path.
	"websocket/path.yaml": &websocketWithPath{},
}
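// websocketBasic is the test case for a websocket server that answers the
// text "hello" with "world".
type websocketBasic struct{}

// Execute starts a local websocket server, runs the template at filePath
// against it and returns an error unless exactly one result is reported.
func (h *websocketBasic) Execute(filePath string) error {
	connHandler := func(conn net.Conn) {
		for {
			msg, op, err := wsutil.ReadClientData(conn)
			// Leave the loop on a read failure as well as on an unexpected
			// payload, instead of relying on msg being empty after an error.
			if err != nil || string(msg) != "hello" {
				return
			}
			// A failed write means the peer is gone; stop serving it.
			if err := wsutil.WriteServerMessage(conn, op, []byte("world")); err != nil {
				return
			}
		}
	}
	// Test fixture only: every Origin header is accepted. A real server
	// should compare the Origin against an allow-list.
	originValidate := func(origin string) bool {
		return true
	}
	ts := testutils.NewWebsocketServer("", connHandler, originValidate)
	defer ts.Close()

	// The test server URL uses the http scheme; the template needs ws.
	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, strings.ReplaceAll(ts.URL, "http", "ws"), debug)
	if err != nil {
		return err
	}

	return expectResultsCount(results, 1)
}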
// websocketCswsh is the test case for a websocket server that performs no
// effective Origin validation.
type websocketCswsh struct{}

// Execute runs the template at filePath against a local websocket server
// whose origin check accepts any value, and returns an error unless exactly
// one result is reported.
func (h *websocketCswsh) Execute(filePath string) error {
	// The handler exchanges no messages; presumably the template only looks
	// at whether the handshake is accepted (confirm against the template).
	noop := func(net.Conn) {}

	// Deliberately permissive fixture: an origin check that always passes is
	// the misconfiguration this test case models.
	acceptAnyOrigin := func(string) bool { return true }

	server := testutils.NewWebsocketServer("", noop, acceptAnyOrigin)
	defer server.Close()

	// Switch the test server URL from the http scheme to ws.
	target := strings.ReplaceAll(server.URL, "http", "ws")
	found, err := testutils.RunNucleiTemplateAndGetResults(filePath, target, debug)
	if err != nil {
		return err
	}
	return expectResultsCount(found, 1)
}
// websocketNoCswsh is the test case for a websocket server that validates
// the Origin header strictly.
type websocketNoCswsh struct{}

// Execute runs the template at filePath against a local websocket server
// that accepts a single fixed Origin, and returns an error if any result is
// reported.
func (h *websocketNoCswsh) Execute(filePath string) error {
	// No messages are exchanged once a connection is established.
	noop := func(net.Conn) {}

	// Exact-match allow-list with one entry; any other Origin is refused.
	// Presumably the template's probe origin differs, hence zero results.
	onlyAllowedOrigin := func(origin string) bool {
		return origin == "https://google.com"
	}

	server := testutils.NewWebsocketServer("", noop, onlyAllowedOrigin)
	defer server.Close()

	// Switch the test server URL from the http scheme to ws.
	target := strings.ReplaceAll(server.URL, "http", "ws")
	found, err := testutils.RunNucleiTemplateAndGetResults(filePath, target, debug)
	if err != nil {
		return err
	}
	return expectResultsCount(found, 0)
}
// websocketWithPath is the test case for a websocket server that is mounted
// on a non-root path.
type websocketWithPath struct{}

// Execute runs the template at filePath against a local websocket server
// created with the path "/test" and a strict origin check, and returns an
// error if any result is reported.
func (h *websocketWithPath) Execute(filePath string) error {
	// No messages are exchanged once a connection is established.
	noop := func(net.Conn) {}

	// Exact-match allow-list with one entry; any other Origin is refused.
	onlyAllowedOrigin := func(origin string) bool {
		return origin == "https://google.com"
	}

	server := testutils.NewWebsocketServer("/test", noop, onlyAllowedOrigin)
	defer server.Close()

	// Switch the test server URL from the http scheme to ws.
	target := strings.ReplaceAll(server.URL, "http", "ws")
	found, err := testutils.RunNucleiTemplateAndGetResults(filePath, target, debug)
	if err != nil {
		return err
	}
	return expectResultsCount(found, 0)
}