-mdc and -fdc options do not work. #725

Closed
Nzoth9 opened this issue Jan 11, 2024 · 5 comments
Nzoth9 commented Jan 11, 2024

Hi, I'm using the following options. -mdc 'status_code == 200' -fdc "contains(body, 'refresh')"

The expected result is ignored if the response code is not 200 or the refresh string is contained within the content being responded to, but it doesn't work. (katana version is v1.0.4)

Have a great day!

@Nzoth9 Nzoth9 added the Type: Enhancement Most issues will probably ask for additions or changes. label Jan 11, 2024
@dogancanbakir dogancanbakir self-assigned this Jan 12, 2024
@dogancanbakir
Member

Thanks for opening the issue. I tried with scanme.sh and it's working:

The response we get for each request:

cat katana_response/scanme.sh/15c54a7d479109d03421bebc2860bcf1a4b0a342.txt 
https://scanme.sh


GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept-Encoding: gzip



HTTP/1.1 200 OK
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Fri, 12 Jan 2024 12:16:47 GMT

ok

Status code and body are matched, so it's filtered out by -fdc:

$ go run . -u scanme.sh -mdc 'status_code == 200' -fdc 'contains(body, "ok")' -silent

Status code is matched but body is not matched, so it's not filtered out by -fdc:

$ go run . -u scanme.sh -mdc 'status_code == 200' -fdc 'contains(body, "dummy")' -silent
https://scanme.sh

Let us know if you have further questions!

@dogancanbakir dogancanbakir added Type: Question A query or seeking clarification on parts of the spec. Probably doesn't need the attention of all. and removed Type: Enhancement Most issues will probably ask for additions or changes. labels Jan 12, 2024
@Nzoth9
Author

Nzoth9 commented Jan 16, 2024

Hello, @glaucocustodio! First of all, thanks for the reply <3
I ran katana with the command below, but it will be detected.

katana -d 10 -ef "png,js,css,svg,jpg" -headless -no-incognito -u https://www.domain.com -mdc "status_code == 200" -fdc "contains(body, 'refresh')"

   __        __
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/							

		projectdiscovery.io

[INF] Current katana version v1.0.4 (outdated)
[INF] Started headless crawling for => https://www.domain.com
https://www.domain.com/a

The proxy request/response for the /a path is shown below.

GET /a HTTP/2
Host: www.domain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Dnt: 1
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers

HTTP/2 200 OK
Content-Type: text/html
Last-Modified: Mon, 07 Dec 2020 03:44:46 GMT
Accept-Ranges: bytes
Etag: "0b2a4e4bccd61:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 16 Jan 2024 06:46:37 GMT
Content-Length: 102

<html>
<head>
<meta http-equiv="refresh" content="0; url=/index.asp"></meta>
</head>
</html>

Am I missing something?

  • I just tested it after removing the --headless option, and the -fdc option seems to be working fine. If I add it back, it still detects the /a path. If I use --headless, will the -fdc option be ignored?
  • If I remove --headless and add -jc, katana again detects the /a path.

@dogancanbakir
Member

In my case, above, it works both with -headless and without it. Can you please provide the exact repro steps? You can always DM us on Discord if you're uncomfortable sharing them here (the target, for example).

@Nzoth9
Author

Nzoth9 commented Jan 17, 2024

Thanks for the reply, @dogancanbakir! I've sent you a private message on Discord, please check it when you're not busy.

@Nzoth9 Nzoth9 closed this as completed Jan 17, 2024
@dogancanbakir
Member

The given URL wasn't reachable; I couldn't test it.
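
A self-contained local target for reproducing the report, added here as an example (not code from katana or from either commenter): it serves the /a meta-refresh body quoted in the thread, so the flags can be tested with and without -headless against a host that is always reachable. The listen address, the index page and the names `page`, `reproHandler` and `expectListed` are assumptions of this example; `expectListed` models the outcome the maintainer describes, not katana's implementation.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// Body of the /a response quoted in the issue (meta-refresh redirect).
const refreshPage = `<html>
<head>
<meta http-equiv="refresh" content="0; url=/index.asp"></meta>
</head>
</html>
`

// page returns a handler that answers 200 with the given HTML.
func page(html string) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		fmt.Fprint(w, html)
	}
}

// reproHandler serves a constructed site: "/" links to "/a", "/a" refreshes to "/index.asp".
func reproHandler() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != "/" { // "/" is a catch-all pattern; unknown paths get 404
			http.NotFound(w, r)
			return
		}
		page(`<html><body><a href="/a">a</a></body></html>`)(w, r)
	})
	mux.HandleFunc("/a", page(refreshPage))
	mux.HandleFunc("/index.asp", page(`<html><body>index</body></html>`))
	return mux
}

// expectListed models the result described in the thread for -mdc 'status_code == 200'
// with -fdc "contains(body, needle)": listed only if the match holds and the filter does not.
func expectListed(status int, body, needle string) bool {
	return status == http.StatusOK && !strings.Contains(body, needle)
}

func main() {
	// 127.0.0.1:8080 is an arbitrary local address chosen for this example.
	fmt.Println(http.ListenAndServe("127.0.0.1:8080", reproHandler()))
}
```

With the server running, pointing `-u` at http://127.0.0.1:8080 with the `-mdc` and `-fdc` expressions from the report, once with `-headless` and once without, shows whether /a is listed in either mode; `expectListed` gives the result to compare against.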
