nuclei/pkg/requests/http-request.go

package requests

import (
	"io/ioutil"
	"net/http"
	"net/url"
	"strings"

	"github.com/projectdiscovery/nuclei/pkg/extractors"
	"github.com/projectdiscovery/nuclei/pkg/matchers"
	retryablehttp "github.com/projectdiscovery/retryablehttp-go"
	"github.com/valyala/fasttemplate"
)

// HTTPRequest contains a request to be made from a template
type HTTPRequest struct {
	// Method is the request method, whether GET, POST, PUT, etc
	Method string `yaml:"method"`
	// Path contains the path/s for the request
	Path []string `yaml:"path"`
	// Headers contains headers to send with the request
	Headers map[string]string `yaml:"headers,omitempty"`
	// Body is an optional parameter which contains the request body for POST methods, etc
	Body string `yaml:"body,omitempty"`
	// Matchers contains the detection mechanism for the request to identify
	// whether the request was successful
	Matchers []*matchers.Matcher `yaml:"matchers,omitempty"`
	// Extractors contains the extraction mechanism for the request to identify
	// and extract parts of the response.
	Extractors []*extractors.Extractor `yaml:"extractors,omitempty"`
	// Redirects specifies whether redirects should be followed.
	Redirects bool `yaml:"redirects,omitempty"`
	// MaxRedirects is the maximum number of redirects that should be followed.
	MaxRedirects int `yaml:"max-redirects,omitempty"`
}

// MakeHTTPRequest creates a *http.Request from a request template
func (r *HTTPRequest) MakeHTTPRequest(baseURL string) ([]*retryablehttp.Request, error) {
	parsed, err := url.Parse(baseURL)
	if err != nil {
		return nil, err
	}
	hostname := parsed.Hostname()

	requests := make([]*retryablehttp.Request, 0, len(r.Path))
	for _, path := range r.Path {
		// Replace the dynamic variables in the URL if any
		t := fasttemplate.New(path, "{{", "}}")
		url := t.ExecuteString(map[string]interface{}{
			"BaseURL":  baseURL,
			"Hostname": hostname,
		})

		// Build a request on the specified URL
		req, err := http.NewRequest(r.Method, url, nil)
		if err != nil {
			return nil, err
		}

		// Check if the user requested a request body
		if r.Body != "" {
			req.Body = ioutil.NopCloser(strings.NewReader(r.Body))
		}

		// Set the header values requested
		for header, value := range r.Headers {
			req.Header.Set(header, value)
		}

		// Set some headers only if the header wasn't supplied by the user
		if _, ok := r.Headers["User-Agent"]; !ok {
			req.Header.Set("User-Agent", "Nuclei (@pdiscoveryio)")
		}
		if _, ok := r.Headers["Accept"]; !ok {
			req.Header.Set("Accept", "*/*")
		}
		if _, ok := r.Headers["Accept-Language"]; !ok {
			req.Header.Set("Accept-Language", "en")
		}
		req.Header.Set("Connection", "close")
		req.Close = true

		request, err := retryablehttp.FromRequest(req)
		if err != nil {
			return nil, err
		}

		requests = append(requests, request)
	}

	return requests, nil
}
Added readme + templates/requests start 2020-04-03 18:47:57 +00:00			`package requests`

			`import (`
Added requests + compile 2020-04-03 21:20:32 +00:00			`"io/ioutil"`
			`"net/http"`
Added dynamic templating 2020-04-03 21:56:11 +00:00			`"net/url"`
Added requests + compile 2020-04-03 21:20:32 +00:00			`"strings"`

Added extractors to the workflow + misc 2020-04-05 19:14:45 +00:00			`"github.com/projectdiscovery/nuclei/pkg/extractors"`
Added readme + templates/requests start 2020-04-03 18:47:57 +00:00			`"github.com/projectdiscovery/nuclei/pkg/matchers"`
Added retryablehttp 2020-04-04 11:42:29 +00:00			`retryablehttp "github.com/projectdiscovery/retryablehttp-go"`
Added dynamic templating 2020-04-03 21:56:11 +00:00			`"github.com/valyala/fasttemplate"`
Added readme + templates/requests start 2020-04-03 18:47:57 +00:00			`)`

poc implementation of dns templating 2020-04-22 20:45:02 +00:00			`// HTTPRequest contains a request to be made from a template`
			`type HTTPRequest struct {`
Added readme + templates/requests start 2020-04-03 18:47:57 +00:00			`// Method is the request method, whether GET, POST, PUT, etc`
			Method string `yaml:"method"`
			`// Path contains the path/s for the request`
			Path []string `yaml:"path"`
			`// Headers contains headers to send with the request`
			Headers map[string]string `yaml:"headers,omitempty"`
			`// Body is an optional parameter which contains the request body for POST methods, etc`
			Body string `yaml:"body,omitempty"`
			`// Matchers contains the detection mechanism for the request to identify`
			`// whether the request was successful`
Fixed #5 leading to default headers not being set 2020-04-05 18:28:22 +00:00			Matchers []*matchers.Matcher `yaml:"matchers,omitempty"`
			`// Extractors contains the extraction mechanism for the request to identify`
			`// and extract parts of the response.`
Added extractors to the workflow + misc 2020-04-05 19:14:45 +00:00			Extractors []*extractors.Extractor `yaml:"extractors,omitempty"`
Added configurable redirects per request 2020-04-22 22:26:41 +00:00			`// Redirects specifies whether redirects should be followed.`
			Redirects bool `yaml:"redirects,omitempty"`
			`// MaxRedirects is the maximum number of redirects that should be followed.`
			MaxRedirects int `yaml:"max-redirects,omitempty"`
Added readme + templates/requests start 2020-04-03 18:47:57 +00:00			`}`
Added requests + compile 2020-04-03 21:20:32 +00:00
poc implementation of dns templating 2020-04-22 20:45:02 +00:00			`// MakeHTTPRequest creates a *http.Request from a request template`
			`func (r HTTPRequest) MakeHTTPRequest(baseURL string) ([]retryablehttp.Request, error) {`
Added dynamic templating 2020-04-03 21:56:11 +00:00			`parsed, err := url.Parse(baseURL)`
			`if err != nil {`
			`return nil, err`
			`}`
			`hostname := parsed.Hostname()`
Added requests + compile 2020-04-03 21:20:32 +00:00
Added retryablehttp 2020-04-04 11:42:29 +00:00			`requests := make([]*retryablehttp.Request, 0, len(r.Path))`
Added requests + compile 2020-04-03 21:20:32 +00:00			`for _, path := range r.Path {`
Added dynamic templating 2020-04-03 21:56:11 +00:00			`// Replace the dynamic variables in the URL if any`
			`t := fasttemplate.New(path, "{{", "}}")`
			`url := t.ExecuteString(map[string]interface{}{`
			`"BaseURL": baseURL,`
			`"Hostname": hostname,`
			`})`
Added requests + compile 2020-04-03 21:20:32 +00:00
Added dynamic templating 2020-04-03 21:56:11 +00:00			`// Build a request on the specified URL`
Added requests + compile 2020-04-03 21:20:32 +00:00			`req, err := http.NewRequest(r.Method, url, nil)`
			`if err != nil {`
			`return nil, err`
			`}`

			`// Check if the user requested a request body`
			`if r.Body != "" {`
			`req.Body = ioutil.NopCloser(strings.NewReader(r.Body))`
			`}`

			`// Set the header values requested`
			`for header, value := range r.Headers {`
			`req.Header.Set(header, value)`
			`}`
Added working runners + misc + logics etc 2020-04-04 10:29:05 +00:00
			`// Set some headers only if the header wasn't supplied by the user`
			`if _, ok := r.Headers["User-Agent"]; !ok {`
			`req.Header.Set("User-Agent", "Nuclei (@pdiscoveryio)")`
			`}`
Fixed #5 leading to default headers not being set 2020-04-05 18:28:22 +00:00			`if _, ok := r.Headers["Accept"]; !ok {`
			`req.Header.Set("Accept", "/")`
			`}`
			`if _, ok := r.Headers["Accept-Language"]; !ok {`
			`req.Header.Set("Accept-Language", "en")`
			`}`
Added working runners + misc + logics etc 2020-04-04 10:29:05 +00:00			`req.Header.Set("Connection", "close")`
			`req.Close = true`

Added retryablehttp 2020-04-04 11:42:29 +00:00			`request, err := retryablehttp.FromRequest(req)`
			`if err != nil {`
			`return nil, err`
			`}`

			`requests = append(requests, request)`
Added requests + compile 2020-04-03 21:20:32 +00:00			`}`

			`return requests, nil`
			`}`