Merge remote-tracking branch 'origin/client-cert-auth' into client-cert-auth

# Conflicts: # v2/pkg/protocols/headless/engine/http_client.go
2021-10-27 12:15:12 -04:00 · 2021-10-27 12:15:12 -04:00 · c3503922c9
parent 4a1440a17b 808ed4edd2
commit c3503922c9
4 changed files with 63 additions and 1 deletions
--- a/integration_tests/http/interactsh.yaml
+++ b/integration_tests/http/interactsh.yaml
@ -0,0 +1,19 @@
+id: interactsh-integration-test
+
+info:
+  name: Interactsh Integration Test
+  author: pdteam
+  severity: info
+
+requests:
+  - method: GET
+    path:
+      - "{{BaseURL}}"
+    headers:
+      url: 'http://{{interactsh-url}}'
+
+    matchers:
+      - type: word
+        part: interactsh_protocol # Confirms the HTTP Interaction
+        words:
+          - "http"
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -31,9 +31,36 @@ var httpTestcases = map[string]testutils.TestCase{
 	"http/raw-unsafe-request.yaml":    &httpRawUnsafeRequest{},
 	"http/request-condition.yaml":     &httpRequestCondition{},
 	"http/request-condition-new.yaml": &httpRequestCondition{},
+	"http/interactsh.yaml":            &httpInteractshRequest{},
 	"http/self-contained.yaml":        &httpRequestSelContained{},
 }

+type httpInteractshRequest struct{}
+
+// Executes executes a test case and returns an error if occurred
+func (h *httpInteractshRequest) Execute(filePath string) error {
+	router := httprouter.New()
+	router.GET("/", httprouter.Handle(func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
+		value := r.Header.Get("url")
+		if value != "" {
+			if resp, _ := http.DefaultClient.Get(value); resp != nil {
+				resp.Body.Close()
+			}
+		}
+	}))
+	ts := httptest.NewServer(router)
+	defer ts.Close()
+
+	results, err := testutils.RunNucleiTemplateAndGetResults(filePath, ts.URL, debug)
+	if err != nil {
+		return err
+	}
+	if len(results) != 1 {
+		return errIncorrectResultsCount(results)
+	}
+	return nil
+}
+
 type httpGetHeaders struct{}

 // Execute executes a test case and returns an error if occurred
--- a/v2/pkg/protocols/headless/engine/http_client.go
+++ b/v2/pkg/protocols/headless/engine/http_client.go
@ -7,6 +7,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/utils"
 	"net"
 	"net/http"
+	"net/http/cookiejar"
 	"net/url"
 	"time"

@ -58,5 +59,17 @@ func newhttpClient(options *types.Options) *http.Client {
 		}
 	}

-	return &http.Client{Transport: transport, Timeout: time.Duration(options.Timeout*3) * time.Second}
+	jar, _ := cookiejar.New(nil)
+
+	httpclient := &http.Client{
+		Transport: transport,
+		Timeout:   time.Duration(options.Timeout*3) * time.Second,
+		Jar:       jar,
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+			// the browser should follow redirects not us
+			return http.ErrUseLastResponse
+		},
+	}
+
+	return httpclient
 }
--- a/v2/pkg/protocols/headless/engine/rules.go
+++ b/v2/pkg/protocols/headless/engine/rules.go
@ -8,6 +8,9 @@ import (

 // routingRuleHandler handles proxy rule for actions related to request/response modification
 func (p *Page) routingRuleHandler(ctx *rod.Hijack) {
+	// usually browsers don't use chunked transfer encoding so we set the content-length nevertheless
+	ctx.Request.Req().ContentLength = int64(len(ctx.Request.Body()))
+
 	for _, rule := range p.rules {
 		if rule.Part != "request" {
 			continue