Fixed http body decoding with unsafe

2021-06-15 11:46:02 +05:30 · 2021-06-15 11:46:02 +05:30 · dbb70c5acc
parent f5b9bed40a
commit dbb70c5acc
5 changed files with 11 additions and 9 deletions
--- a/integration_tests/http/raw-unsafe-request.yaml
+++ b/integration_tests/http/raw-unsafe-request.yaml
@ -17,4 +17,4 @@ requests:
    matchers:
      - type: word
        words:
-          - "This is test-raw-unsafe request matcher."
+          - "This is test raw-unsafe-matcher test"
--- a/integration_tests/run.sh
+++ b/integration_tests/run.sh
@ -2,10 +2,10 @@

 cd ../v2/cmd/nuclei
 go build
-cp nuclei ../../../integration_tests/nuclei 
+mv nuclei ../../../integration_tests/nuclei 
 cd ../integration-test
 go build
-cp integration-test ../../../integration_tests/integration-test 
+mv integration-test ../../../integration_tests/integration-test 
 cd ../../../integration_tests
 ./integration-test
 if [ $? -eq 0 ]
--- a/v2/cmd/integration-test/http.go
+++ b/v2/cmd/integration-test/http.go
@ -474,8 +474,7 @@ func (h *httpRawUnsafeRequest) Execute(filePath string) error {

 	ts := testutils.NewTCPServer(func(conn net.Conn) {
 		defer conn.Close()
-
-		_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 40\r\nContent-Type: text/plain; charset=utf-8\r\nDate: Thu, 25 Feb 2021 17:17:28 GMT\r\n\r\nThis is test-raw-unsafe request matcher.\r\n"))
+		_, _ = conn.Write([]byte("HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Length: 36\r\nContent-Type: text/plain; charset=utf-8\r\n\r\nThis is test raw-unsafe-matcher test"))
 	})
 	defer ts.Close()

--- a/v2/pkg/protocols/common/interactsh/interactsh.go
+++ b/v2/pkg/protocols/common/interactsh/interactsh.go
@ -3,6 +3,7 @@ package interactsh
 import (
 	"net/url"
 	"strings"
+	"sync/atomic"
 	"time"

 	"github.com/karlseguin/ccache"
@ -26,6 +27,7 @@ type Client struct {
 	// interactions is a stored cache for interactsh-interaction->interactsh-url data
 	interactions *ccache.Cache

+	generated        uint32 // decide to wait if we have a generated url
 	options          *Options
 	matched          bool
 	dotHostname      string
@ -157,12 +159,13 @@ func (c *Client) processInteractionForRequest(interaction *server.Interaction, d

 // URL returns a new URL that can be interacted with
 func (c *Client) URL() string {
+	atomic.CompareAndSwapUint32(&c.generated, 0, 1)
 	return c.interactsh.URL()
 }

 // Close closes the interactsh clients after waiting for cooldown period.
 func (c *Client) Close() bool {
-	if c.cooldownDuration > 0 {
+	if c.cooldownDuration > 0 && atomic.LoadUint32(&c.generated) == 1 {
 		time.Sleep(c.cooldownDuration)
 	}
 	c.interactsh.StopPolling()
--- a/v2/pkg/protocols/http/utils.go
+++ b/v2/pkg/protocols/http/utils.go
@ -105,11 +105,11 @@ func handleDecompression(resp *http.Response, bodyOrig []byte) (bodyDec []byte,
 	var reader io.ReadCloser
 	switch resp.Header.Get("Content-Encoding") {
 	case "gzip":
-		reader, err = gzip.NewReader(resp.Body)
+		reader, err = gzip.NewReader(bytes.NewReader(bodyOrig))
 	case "deflate":
-		reader, err = zlib.NewReader(resp.Body)
+		reader, err = zlib.NewReader(bytes.NewReader(bodyOrig))
 	default:
-		reader = resp.Body
+		return bodyOrig, nil
 	}
 	if err != nil {
 		return nil, err