From a7d6d5ce9d7271fe8d20ab0c2e81bb3a29e9ad1a Mon Sep 17 00:00:00 2001 From: Ice3man Date: Fri, 25 Feb 2022 19:26:10 +0530 Subject: [PATCH] Added read-all flag to http unsafe request --- v2/go.mod | 4 ++-- v2/go.sum | 3 ++- v2/pkg/protocols/http/http.go | 4 ++++ v2/pkg/protocols/http/request.go | 1 + 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/v2/go.mod b/v2/go.mod index 9e7298f5..f311adf5 100644 --- a/v2/go.mod +++ b/v2/go.mod @@ -35,13 +35,12 @@ require ( github.com/projectdiscovery/hmap v0.0.2-0.20210917080408-0fd7bd286bfa github.com/projectdiscovery/interactsh v1.0.1-0.20220131074403-ca8bb8f87cd0 github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20211006155443-c0a8d610a4df - github.com/projectdiscovery/rawhttp v0.0.7 + github.com/projectdiscovery/rawhttp v0.0.8-0.20220225134552-b60c4c126e5b github.com/projectdiscovery/retryabledns v1.0.13-0.20211109182249-43d38df59660 github.com/projectdiscovery/retryablehttp-go v1.0.2 github.com/projectdiscovery/stringsutil v0.0.0-20220119085121-22513a958700 github.com/projectdiscovery/yamldoc-go v1.0.3-0.20211126104922-00d2c6bb43b6 github.com/remeh/sizedwaitgroup v1.0.0 - github.com/rs/xid v1.3.0 // indirect github.com/segmentio/ksuid v1.0.4 github.com/shirou/gopsutil/v3 v3.22.1 github.com/spaolacci/murmur3 v1.1.0 @@ -71,6 +70,7 @@ require ( github.com/Ice3man543/nvd v1.0.8 github.com/openrdap/rdap v0.9.1-0.20191017185644-af93e7ef17b7 github.com/projectdiscovery/iputil v0.0.0-20210804143329-3a30fcde43f3 + github.com/rs/xid v1.3.0 github.com/stretchr/testify v1.7.0 github.com/zmap/zcrypto v0.0.0-20211005224000-2d0ffdec8a9b ) diff --git a/v2/go.sum b/v2/go.sum index 579ad74a..b55a0921 100644 --- a/v2/go.sum +++ b/v2/go.sum @@ -455,8 +455,9 @@ github.com/projectdiscovery/networkpolicy v0.0.1/go.mod h1:asvdg5wMy3LPVMGALateb github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20211006155443-c0a8d610a4df h1:CvTNAUD5JbLMqpMFoGNgfk2gOcN0NC57ICu0+oK84vs= github.com/projectdiscovery/nuclei-updatecheck-api v0.0.0-20211006155443-c0a8d610a4df/go.mod h1:pxWVDgq88t9dWv4+J2AIaWgY+EqOE1AyfHS0Tn23w4M= github.com/projectdiscovery/nuclei/v2 v2.5.1/go.mod h1:sU2qcY0MQFS0CqP1BgkR8ZnUyFhqK0BdnY6bvTKNjXY= -github.com/projectdiscovery/rawhttp v0.0.7 h1:5m4peVgjbl7gqDcRYMTVEuX+Xs/nh76ohTkkvufucLg= github.com/projectdiscovery/rawhttp v0.0.7/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0= +github.com/projectdiscovery/rawhttp v0.0.8-0.20220225134552-b60c4c126e5b h1:ODEtmulEsryrOR3z949wxAdwFiRlnqn2HUh+dHcBK6w= +github.com/projectdiscovery/rawhttp v0.0.8-0.20220225134552-b60c4c126e5b/go.mod h1:jAoQA4i8iu2v4u50ufmlky1t1WsBKpFP2XKd3BbY2y4= github.com/projectdiscovery/retryabledns v1.0.11/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= github.com/projectdiscovery/retryabledns v1.0.12/go.mod h1:4sMC8HZyF01HXukRleSQYwz4870bwgb4+hTSXTMrkf4= github.com/projectdiscovery/retryabledns v1.0.13-0.20210916165024-76c5b76fd59a/go.mod h1:tXaLDs4n3pRZHwfa8mdXpUWe/AYDNK3HlWDjldhRbjI= diff --git a/v2/pkg/protocols/http/http.go b/v2/pkg/protocols/http/http.go index 4c018d14..af2078dc 100644 --- a/v2/pkg/protocols/http/http.go +++ b/v2/pkg/protocols/http/http.go @@ -139,6 +139,10 @@ type Request struct { // all requests defined in raw section. CookieReuse bool `yaml:"cookie-reuse,omitempty" jsonschema:"title=optional cookie reuse enable,description=Optional setting that enables cookie reuse"` // description: | + // Enables force reading of the entire raw unsafe request body ignoring + // any specified content length headers. + ForceReadAllBody bool `yaml:"read-all,omitempty" jsonschema:"title=force read all body,description=Enables force reading of entire unsafe http request body"` + // description: | // Redirects specifies whether redirects should be followed by the HTTP Client. // // This can be used in conjunction with `max-redirects` to control the HTTP request redirects. diff --git a/v2/pkg/protocols/http/request.go b/v2/pkg/protocols/http/request.go index ec677735..4ca13180 100644 --- a/v2/pkg/protocols/http/request.go +++ b/v2/pkg/protocols/http/request.go @@ -383,6 +383,7 @@ func (request *Request) executeRequest(reqURL string, generatedRequest *generate options := generatedRequest.original.rawhttpClient.Options options.FollowRedirects = request.Redirects options.CustomRawBytes = generatedRequest.rawRequest.UnsafeRawBytes + options.ForceReadAllBody = request.ForceReadAllBody resp, err = generatedRequest.original.rawhttpClient.DoRawWithOptions(generatedRequest.rawRequest.Method, reqURL, generatedRequest.rawRequest.Path, generators.ExpandMapValues(generatedRequest.rawRequest.Headers), ioutil.NopCloser(strings.NewReader(generatedRequest.rawRequest.Data)), options) } else { hostname = generatedRequest.request.URL.Host