Headless issue with root user #132

Merged
merged 8 commits into from
Nov 11, 2022

@edoardottt edoardottt commented Nov 7, 2022

Context: #131.

⚠️⚠️ I know the tests I have just added are failing; I would like to know if accepting custom headers with an empty key or an empty value is an intended implementation. ⚠️⚠️

sudo /home/edoardottt/go/bin/katana -hl -u http://edoardottt.com
[sudo] password for edoardottt: 

   __        __                
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1							 

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[FTL] could not create runner: could not create standard crawler: [launcher] Failed to get the debug url: [1107/180405.382126:ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.

This PR adds two flags as suggested:

   -hoa, -headless-optional-arguments string[]  pass optional arguments to chrome
   -hns, -headless-no-sandbox                   start chrome in --no-sandbox mode

I don't actually know if this is the best possible solution; -hns seems redundant when -hoa is present. Another solution could be to try to detect if the user has sudo privileges (only on Linux?).

However, it now seems to work well with both new flags:

Using -hoa

sudo ./cmd/katana/katana -hl -hoa no-sandbox=true -u http://edoardottt.com

   __        __                
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1							 

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
http://edoardottt.com/blog.html
http://edoardottt.com/cve.html
http://edoardottt.com/aboutme.html
http://edoardottt.com/cv.html

Using -hns

sudo ./cmd/katana/katana -hl -hns -u http://edoardottt.com

   __        __                
  / /_____ _/ /____ ____  ___ _
 /  '_/ _  / __/ _  / _ \/ _  /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1							 

		projectdiscovery.io

[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
http://edoardottt.com/blog.html
http://edoardottt.com/cve.html
http://edoardottt.com/aboutme.html
http://edoardottt.com/cv.html

Moreover, I have added some tests in order to check errors in the new function ParseHeadlessOptionalArguments() and the function ParseCustomHeaders().

This PR closes #131.
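
An added example, not code from this PR or from katana: one way to validate `-hoa` style `key=value` items, rejecting an empty key or an empty value, and to decide before launch whether the Chrome sandbox ends up disabled. The names `parseChromeArgs`, `sandboxDisabled` and `preflight` are hypothetical, and the sample input is constructed.

```go
package main

import (
	"fmt"
	"os"
	"strings"
)

// parseChromeArgs is a hypothetical helper, not katana's ParseHeadlessOptionalArguments.
// It accepts "key=value" items and rejects an empty key or an empty value.
func parseChromeArgs(items []string) (map[string]string, error) {
	args := make(map[string]string, len(items))
	for _, item := range items {
		parts := strings.SplitN(item, "=", 2)
		key := strings.TrimSpace(parts[0])
		if len(parts) != 2 || key == "" || strings.TrimSpace(parts[1]) == "" {
			return nil, fmt.Errorf("invalid chrome argument %q: want key=value", item)
		}
		args[key] = strings.TrimSpace(parts[1])
	}
	return args, nil
}

// sandboxDisabled reports whether either route from the PR turns the sandbox off:
// the -hns switch, or a no-sandbox entry passed through -hoa.
func sandboxDisabled(hns bool, args map[string]string) bool {
	v, ok := args["no-sandbox"]
	return hns || (ok && !strings.EqualFold(v, "false"))
}

// preflight fails early for the root-without-no-sandbox case shown in the log above,
// and returns a warning whenever the browser will run unsandboxed.
func preflight(euid int, hns bool, args map[string]string) (string, error) {
	off := sandboxDisabled(hns, args)
	if euid == 0 && !off {
		return "", fmt.Errorf("running headless chrome as root requires no-sandbox; prefer an unprivileged user")
	}
	if off {
		return "chrome sandbox disabled: crawled pages render without process isolation", nil
	}
	return "", nil
}

func main() {
	args, err := parseChromeArgs([]string{"no-sandbox=true"}) // constructed sample input
	fmt.Println(args, err)
	fmt.Println(preflight(os.Geteuid(), false, args))
}
```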

@ehsandeep ehsandeep changed the base branch from main to dev November 8, 2022 10:39
@ehsandeep ehsandeep added the "Status: Review Needed" label Nov 9, 2022
@Mzack9999 Mzack9999 left a comment


lgtm - minor changes suggested

pkg/types/options.go (outdated, resolved)
pkg/types/options.go (outdated, resolved)
@ehsandeep ehsandeep merged commit bc05957 into projectdiscovery:dev Nov 11, 2022
@ehsandeep ehsandeep removed the "Status: Review Needed" label Nov 11, 2022
@edoardottt edoardottt deleted the dev branch November 11, 2022 06:58