adding in-template cookie reuse

projectdiscovery · Jul 16, 2020 · a256a56 · a256a56
1 parent a4ac439
commit a256a56
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 2 deletions.
diff --git a/v2/internal/runner/runner.go b/v2/internal/runner/runner.go
@@ -259,6 +259,7 @@ func (r *Runner) processTemplateWithList(template *templates.Template, request i
 			ProxySocksURL: r.options.ProxySocksURL,
 			CustomHeaders: r.options.CustomHeaders,
 			JSON:          r.options.JSON,
+			CookieReuse:   value.CookieReuse,
 		})
 	}
 	if err != nil {

diff --git a/v2/pkg/executer/executer_http.go b/v2/pkg/executer/executer_http.go
@@ -7,6 +7,7 @@ import (
 	"io"
 	"io/ioutil"
 	"net/http"
+	"net/http/cookiejar"
 	"net/http/httputil"
 	"net/url"
 	"os"
@@ -36,6 +37,7 @@ type HTTPExecuter struct {
 	writer        *bufio.Writer
 	outputMutex   *sync.Mutex
 	customHeaders requests.CustomHeaders
+	CookieJar     *cookiejar.Jar
 }
 
 // HTTPOptions contains configuration options for the HTTP executer.
@@ -50,6 +52,8 @@ type HTTPOptions struct {
 	Debug         bool
 	JSON          bool
 	CustomHeaders requests.CustomHeaders
+	CookieReuse   bool
+	CookieJar     *cookiejar.Jar
 }
 
 // NewHTTPExecuter creates a new HTTP executer from a template
@@ -68,6 +72,15 @@ func NewHTTPExecuter(options *HTTPOptions) (*HTTPExecuter, error) {
 	// Create the HTTP Client
 	client := makeHTTPClient(proxyURL, options)
 	client.CheckRetry = retryablehttp.HostSprayRetryPolicy()
+	if options.CookieJar != nil {
+		client.HTTPClient.Jar = options.CookieJar
+	} else if options.CookieReuse {
+		jar, err := cookiejar.New(nil)
+		if err != nil {
+			return nil, err
+		}
+		client.HTTPClient.Jar = jar
+	}
 
 	executer := &HTTPExecuter{
 		debug:         options.Debug,
@@ -79,6 +92,7 @@ func NewHTTPExecuter(options *HTTPOptions) (*HTTPExecuter, error) {
 		outputMutex:   &sync.Mutex{},
 		writer:        options.Writer,
 		customHeaders: options.CustomHeaders,
+		CookieJar:     options.CookieJar,
 	}
 	return executer, nil
 }

diff --git a/v2/pkg/requests/http-request.go b/v2/pkg/requests/http-request.go
@@ -34,6 +34,8 @@ type HTTPRequest struct {
 	Headers map[string]string `yaml:"headers,omitempty"`
 	// Body is an optional parameter which contains the request body for POST methods, etc
 	Body string `yaml:"body,omitempty"`
+	// CookieReuse is an optional setting that makes cookies shared within requests
+	CookieReuse bool `yaml:"cookie-reuse,omitempty"`
 	// Matchers contains the detection mechanism for the request to identify
 	// whether the request was successful
 	Matchers []*matchers.Matcher `yaml:"matchers,omitempty"`

diff --git a/v2/pkg/workflows/var.go b/v2/pkg/workflows/var.go
@@ -42,12 +42,12 @@ func (n *NucleiVar) Call(args ...tengo.Object) (ret tengo.Object, err error) {
 
 	// if external variables are specified and matches the template ones, these gets overwritten
 	if len(args) >= 1 {
-		headers = iterableToMapString(&args[0])
+		headers = iterableToMapString(args[0])
 	}
 
 	// if external variables are specified and matches the template ones, these gets overwritten
 	if len(args) >= 2 {
-		externalVars = iterableToMap(&args[1])
+		externalVars = iterableToMap(args[1])
 	}
 
 	var gotResult bool