Moving failure check past interactsh eviction #5029
base: dev
Conversation
- Looks like `{{interactsh-url}}` markers used in payloads are not getting matched (both directly in payloads and by referencing them from variables).
```yaml
id: interactsh-stop-at-first-match-integration-test

info:
  name: Interactsh StopAtFirstMatch Integration Test
  author: pdteam
  severity: info

variables:
  oast: "{{interactsh-url}}"

http:
  - raw:
      - |
        GET /{{data}} HTTP/1.1
        Host: {{BaseURL}}
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
        Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
        Accept-Language: en-US,en;q=0.5
        Accept-Encoding: gzip, deflate
        Connection: close
        Upgrade-Insecure-Requests: 1
        Cache-Control: max-age=0

    payloads:
      data:
        - "{{oast}}"
        - "1"
        - "2"
        - "3"
        - "4"

    stop-at-first-match: true
    matchers:
      - type: word
        part: interactsh_protocol # Confirms DNS Interaction
        words:
          - "dns"
```
```console
$ ./nuclei -u http://honey.scanme.sh -t a.yaml -v -interactions-cooldown-period 20
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.4

                projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.2.4 (latest)
[INF] Current nuclei-templates version: v9.8.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 77
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.online
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/1
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/3
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/2
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/4
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/coc4r9ko47mo1skqsn90spcowb3qbgyht.oast.online
[INF] No results found. Better luck next time!
```
Note: if we replace the `{{data}}` marker with `{{interactsh-url}}` it is working, so this seems to be an issue specific to payloads!
```console
$ nuclei -u http://honey.scanme.sh -t a.yaml -v -interactions-cooldown-period 20
                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.4

                projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.2.4 (latest)
[INF] Current nuclei-templates version: v9.8.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 77
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.fun
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/1
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/4
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/3
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/2
[VER] [interactsh-stop-at-first-match-integration-test] Sent HTTP request to http://honey.scanme.sh/coc4saco47mo22ffnj90i3f7iueisetuk.oast.fun
[INF] No results found. Better luck next time!
```
This feels like a common use case (interactsh + payloads), e.g. #5020. Looking at gcache, the default cache size is 5000 items and eviction is set to 60 sec, and the default response read size (in-memory) is set to 10 MB. Assuming the worst case, if we are running fuzzing templates with payloads and have sent, say, 5000 requests in < 1 min, memory would spike from 1 to 50 GB (could lead to an OOM kill maybe). Would it be better to use a disk cache instead of gcache for requests, to handle such spikes, considering that the interactsh hit rate would be very low in normal / real-world conditions? cc: @Mzack9999
I think the issue is because the interactsh handling is completely missing within the

Introducing interactsh support within
Proposed changes
Cherry-picking the interactsh hotfix for #4980 from #5018 via yet another callback (deferred failure write to the very end, based on the reasoning that matching is impossible post-eviction).
Before:
After:
Interactsh was simulated via this snippet at
`github.com/projectdiscovery/nuclei/pkg/protocols/common/interactsh/interactsh.go`
in func `NewURLWithData(...)`:
Checklist
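The ordering question behind this PR (write the failure before or after the cache evicts the request) can be shown on a small model. The Go program below is an added example and is not nuclei's own code: it keeps sent requests in a TTL cache driven by a logical clock instead of wall time, and compares an "eager" variant that records a failure as soon as the request is sent with no interaction yet against the "deferred" variant that records the failure only when the entry is evicted, i.e. once a match has become impossible. The cache type, its method names, the tick-based clock and the request id are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"sync"
)

// Outcome of a request that is waiting for an out-of-band (OOB) interaction.
type Outcome int

const (
	Pending Outcome = iota
	Matched
	Failed
)

func (o Outcome) String() string {
	switch o {
	case Matched:
		return "matched"
	case Failed:
		return "failed"
	default:
		return "pending"
	}
}

// pending records one outbound request that carried an interactsh-style URL.
type pending struct {
	templateID string
	expiresAt  int // logical tick at which the entry is evicted
	outcome    Outcome
}

// InteractionCache is a simplified, hypothetical model of the in-memory request
// cache: entries expire after ttl ticks and a result is written at most once.
// deferFailure selects the ordering: false writes "failed" as soon as the request
// is sent if no interaction exists yet; true writes "failed" only at eviction.
type InteractionCache struct {
	mu           sync.Mutex
	ttl          int
	now          int
	deferFailure bool
	entries      map[string]*pending
	results      map[string]Outcome // final outcome per request id
}

func NewInteractionCache(ttl int, deferFailure bool) *InteractionCache {
	return &InteractionCache{
		ttl:          ttl,
		deferFailure: deferFailure,
		entries:      map[string]*pending{},
		results:      map[string]Outcome{},
	}
}

// Track registers a sent request identified by the unique id embedded in its URL.
func (c *InteractionCache) Track(id, templateID string) {
	c.mu.Lock()
	defer c.mu.Unlock()
	p := &pending{templateID: templateID, expiresAt: c.now + c.ttl}
	c.entries[id] = p
	if !c.deferFailure {
		// Eager check: nothing has called back yet, so a failure is recorded now.
		// The entry stays cached, but its result slot is already spent.
		p.outcome = Failed
		c.results[id] = Failed
	}
}

// Interaction is called when a poll of the OOB server reports a callback for id.
// It returns true if the callback could still be matched to a live, undecided request.
func (c *InteractionCache) Interaction(id string) bool {
	c.mu.Lock()
	defer c.mu.Unlock()
	p, ok := c.entries[id]
	if !ok || p.outcome != Pending {
		return false // evicted, or already decided
	}
	p.outcome = Matched
	c.results[id] = Matched
	return true
}

// Tick advances the logical clock and evicts expired entries. With deferred
// failure, eviction is where an undecided request finally becomes a failure.
func (c *InteractionCache) Tick() {
	c.mu.Lock()
	defer c.mu.Unlock()
	c.now++
	for id, p := range c.entries {
		if p.expiresAt > c.now {
			continue
		}
		if p.outcome == Pending {
			p.outcome = Failed
			c.results[id] = Failed
		}
		delete(c.entries, id)
	}
}

// Result returns the recorded outcome for a request id (Pending if undecided).
func (c *InteractionCache) Result(id string) Outcome {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.results[id]
}

// runScenario sends one request (constructed id), delivers its callback at
// callbackTick, then lets the clock run past the TTL and returns the final outcome.
func runScenario(deferFailure bool, ttl, callbackTick int) Outcome {
	const id = "constructed-interaction-id"
	c := NewInteractionCache(ttl, deferFailure)
	c.Track(id, "interactsh-stop-at-first-match-integration-test")
	for t := 1; t <= ttl+1; t++ {
		if t == callbackTick {
			c.Interaction(id)
		}
		c.Tick()
	}
	return c.Result(id)
}

func main() {
	fmt.Println("eager failure, callback before eviction:   ", runScenario(false, 5, 2))
	fmt.Println("deferred failure, callback before eviction:", runScenario(true, 5, 2))
	fmt.Println("deferred failure, callback after eviction: ", runScenario(true, 5, 8))
}
```

With the eager ordering the callback arriving at tick 2 is lost because the result was already written at tick 0; with the deferred ordering the same callback matches, and a callback that only arrives after the TTL still ends as a failure, which is the one case where writing the failure is safe.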