Checking socks5 proxy before launching a scan #1001

Closed
osamahamad opened this issue Sep 8, 2021 · 2 comments · Fixed by #1225
Labels: Status: Completed (nothing further to be done with this issue; awaiting close), Type: Enhancement

Comments

@osamahamad commented Sep 8, 2021

Is your feature request related to a problem? Please describe.
When using a socks5 proxy and trying to test a website / list of websites.

Example:

nuclei -t /x/nuclei-templates/vulnerabilities/jira/ -u https://tpx.sys.comcast.net -proxy-socks-url socks5://xaxa:xaxa@2.56.103.2:12888

nuclei's response will be "[INF] No results found" in case -proxy-socks-url contains false credentials / a wrong IP, etc.

whereas performing nuclei -t /x/nuclei-templates/vulnerabilities/jira/ -u https://tpx.sys.comcast.net
results in:

[2021-09-08 14:46:13] [jira-unauthenticated-adminprojects] [http] [info] https://tpx.sys.comcast.net/rest/menu/latest/admin
[2021-09-08 14:46:13] [jira-unauthenticated-dashboards] [http] [info] https://tpx.sys.comcast.net/rest/api/2/dashboard?maxResults=100
[2021-09-08 14:46:13] [jira-unauthenticated-projectcategories] [http] [info] https://tpx.sys.comcast.net/rest/api/2/projectCategory?maxResults=1000
[2021-09-08 14:46:13] [jira-unauthenticated-resolutions] [http] [info] https://tpx.sys.comcast.net/rest/api/2/resolution
[2021-09-08 14:46:13] [jira-unauthenticated-installed-gadgets] [http] [info] https://tpx.sys.comcast.net/rest/config/1.0/directory

Also, trying -proxy-socks-url with true credentials will result in:

[2021-09-08 14:46:13] [jira-unauthenticated-adminprojects] [http] [info] https://tpx.sys.comcast.net/rest/menu/latest/admin
[2021-09-08 14:46:13] [jira-unauthenticated-dashboards] [http] [info] https://tpx.sys.comcast.net/rest/api/2/dashboard?maxResults=100
[2021-09-08 14:46:13] [jira-unauthenticated-projectcategories] [http] [info] https://tpx.sys.comcast.net/rest/api/2/projectCategory?maxResults=1000
[2021-09-08 14:46:13] [jira-unauthenticated-resolutions] [http] [info] https://tpx.sys.comcast.net/rest/api/2/resolution
[2021-09-08 14:46:13] [jira-unauthenticated-installed-gadgets] [http] [info] https://tpx.sys.comcast.net/rest/config/1.0/directory

That being said, nuclei does not check whether the -proxy-socks-url argument contains a valid socks5 proxy before launching the scan. I wish it would check the argument value and, in case the provided socks5 proxy is invalid because wrong credentials were supplied or it has expired, notify the user on stdout with something like "proxy is invalid" or "Can't complete SOCKS5 connection to xxx port xxx", then ignore the -proxy-socks-url argument and launch the scan without the proxy (the user might be able to control whether the scan is performed without the proxy when the proxy is invalid via an additional flag).

Something like curl; the screenshot is an example of what happens when you supply true + false credentials.

[screenshot of curl output with true and false SOCKS5 credentials]

This is helpful since most of the time proxies are used to avoid having your IP blocked by a WAF, or sometimes to bypass specific WAF configurations. Also, proxies often expire, so the user is supposed to know that, and optionally being able to perform a scan while ignoring the proxy flag (especially if the nuclei command is used in a script) is a plus.
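The pre-scan check requested above, as an added example in Go (not nuclei's own code, and not what curl does internally): it dials the socks5:// URL with a deadline, performs the RFC 1928 method selection and RFC 1929 username/password sub-negotiation, and asks the proxy to CONNECT to a target, so an unreachable proxy, wrong credentials or a proxy that cannot reach the target come back as an explicit error and a non-zero exit instead of an empty scan. The function names (socks5Handshake, checkSocks5Proxy), the target argument and the 5-second timeout are this example's assumptions.

```go
package main

import (
	"fmt"
	"io"
	"net"
	"net/url"
	"os"
	"strconv"
	"time"
)

// socks5Handshake runs RFC 1928 method selection, RFC 1929 username/password sub-negotiation
// when creds are set, and a CONNECT to target ("host:port"). rw is an io.ReadWriter rather
// than a net.Conn so the exchange can be exercised against a scripted peer without a network.
func socks5Handshake(rw io.ReadWriter, creds *url.Userinfo, target string) error {
	xchg := func(req, reply []byte) error { // send one message, then read a fixed-size reply
		if _, err := rw.Write(req); err != nil {
			return err
		}
		_, err := io.ReadFull(rw, reply)
		return err
	}
	method := byte(0x00) // NO AUTHENTICATION REQUIRED
	if creds != nil {
		method = 0x02 // USERNAME/PASSWORD
	}
	resp := make([]byte, 2) // VER METHOD for method selection, VER STATUS for auth
	if err := xchg([]byte{0x05, 0x01, method}, resp); err != nil {
		return fmt.Errorf("method selection: %w", err)
	}
	if resp[0] != 0x05 || resp[1] != method {
		return fmt.Errorf("not a usable SOCKS5 proxy (version %#x, chosen method %#x)", resp[0], resp[1])
	}
	if method == 0x02 {
		pw, _ := creds.Password()
		msg := append([]byte{0x01, byte(len(creds.Username()))}, creds.Username()...)
		if err := xchg(append(append(msg, byte(len(pw))), pw...), resp); err != nil {
			return fmt.Errorf("auth sub-negotiation: %w", err)
		}
		if resp[1] != 0x00 {
			return fmt.Errorf("SOCKS5 authentication failed (status %#x): wrong username/password", resp[1])
		}
	}
	host, portStr, err := net.SplitHostPort(target)
	if err != nil {
		return err
	}
	port, err := strconv.Atoi(portStr)
	if err != nil {
		return err
	}
	req := append([]byte{0x05, 0x01, 0x00, 0x03, byte(len(host))}, host...) // CMD=CONNECT, ATYP=domain name
	hdr := make([]byte, 4) // VER REP RSV ATYP; the bound address that follows is not needed for a probe
	if err := xchg(append(req, byte(port>>8), byte(port)), hdr); err != nil {
		return fmt.Errorf("CONNECT reply: %w", err)
	}
	if hdr[1] != 0x00 {
		return fmt.Errorf("CONNECT to %s refused, reply code %#x", target, hdr[1])
	}
	return nil
}

// checkSocks5Proxy dials the proxy in a socks5://[user:pass@]host:port URL with a deadline
// and returns a descriptive error when it is unreachable, rejects the credentials, or
// cannot reach target. This is the check the issue asks for before any scan starts.
func checkSocks5Proxy(proxyURL, target string, timeout time.Duration) error {
	u, err := url.Parse(proxyURL)
	if err != nil || u.Scheme != "socks5" || u.Host == "" {
		return fmt.Errorf("%q is not a socks5://host:port URL", proxyURL)
	}
	conn, err := net.DialTimeout("tcp", u.Host, timeout)
	if err != nil {
		return fmt.Errorf("can't complete SOCKS5 connection to %s: %w", u.Host, err)
	}
	defer conn.Close()
	_ = conn.SetDeadline(time.Now().Add(timeout))
	if err := socks5Handshake(conn, u.User, target); err != nil {
		return fmt.Errorf("SOCKS5 proxy %s: %w", u.Host, err)
	}
	return nil
}

func main() { // usage: socks5check socks5://user:pass@proxyhost:1080 example.com:443
	if len(os.Args) != 3 {
		fmt.Fprintln(os.Stderr, "usage: socks5check <socks5-url> <target host:port>")
		os.Exit(2)
	}
	if err := checkSocks5Proxy(os.Args[1], os.Args[2], 5*time.Second); err != nil {
		fmt.Fprintln(os.Stderr, "[ERR] proxy is invalid:", err)
		os.Exit(1) // non-zero so a wrapper script can decide whether to retry or fall back
	}
	fmt.Println("[INF] proxy OK")
}
```

The probe reads only the 4-byte CONNECT reply header and then closes the connection; a client that intended to keep using the tunnel would also consume the bound address that follows. The exit code, not silent fallback, is what lets a script choose to rerun without the proxy.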

@forgedhallpass (Contributor)

Hello @osamahamad,

Your request makes sense, and we can definitely add such validations, although I am not sure ignoring the proxy in case of errors is a good idea. Quite the opposite actually, because it might give a false sense of security to those who would want to mask their IP addresses. As an enhancement, we could accept a file with a list of proxies and nuclei could go through them until it finds a working one, but if none of them are valid, I think the application should exit with an error code. If you want to default to no-proxy, then you could adjust your automation script to do so, based on the exit code.

@ehsandeep added the Type: Enhancement label Sep 9, 2021
@forgedhallpass (Contributor) commented Oct 12, 2021

Proposed solution:

  • consolidate the -proxy-url and -proxy-socks-url flags
  • remove the -proxy-socks-url flag
  • decide on the proxy type based on the value prefix:
      • http (e.g. http[s]://[user:password]@proxyurl[:port])
      • socks (e.g. socks4://proxyurl[:port], socks5://[user:password]@proxyurl[:port])
  • if none of the above, try using the input as a file path (absolute or relative to the working directory) and try to use the first line as the proxy. If that fails, move to the next, until a valid proxy is found or EOF is reached.
  • If a valid proxy is found, also set the HTTP_PROXY environment variable to the same value. If os.Setenv() returns an error, log it (-vv) and ignore the error.
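The proposal above carried through as an added Go example (not the nuclei implementation in the linked PR): the single consolidated value is classified by the scheme-prefix rule, otherwise read as a proxy list file, the candidates are tried in order until one passes a probe, and the winner is exported as HTTP_PROXY with a Setenv failure logged and ignored. The function names, the list format (one URL per line, blank lines and '#' comments skipped), the "exit non-zero when nothing works" behaviour and the plain TCP-dial probe are this example's assumptions; the proposal does not define how "valid" is tested, and a real probe would complete the SOCKS or HTTP CONNECT handshake.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"os"
	"strings"
	"time"
)

// proxySchemes is the prefix rule from the proposal: a value with one of these schemes is a
// proxy URL; any other value is treated as a path to a file listing proxies one per line.
var proxySchemes = map[string]bool{"http": true, "https": true, "socks4": true, "socks5": true}

func isProxyURL(s string) bool {
	u, err := url.Parse(s)
	return err == nil && proxySchemes[strings.ToLower(u.Scheme)] && u.Host != ""
}

// proxyCandidates expands the single -proxy value into an ordered list. readFile is injected
// (os.ReadFile in main) so the file branch can be exercised without touching the disk.
func proxyCandidates(value string, readFile func(string) ([]byte, error)) ([]string, error) {
	if isProxyURL(value) {
		return []string{value}, nil
	}
	data, err := readFile(value)
	if err != nil {
		return nil, fmt.Errorf("%q is neither a proxy URL nor a readable proxy list: %w", value, err)
	}
	var out []string
	for i, line := range strings.Split(string(data), "\n") {
		if line = strings.TrimSpace(line); line == "" || strings.HasPrefix(line, "#") {
			continue // blank line or comment (assumed list format)
		}
		if !isProxyURL(line) {
			return nil, fmt.Errorf("%s:%d: %q is not an http/https/socks4/socks5 URL", value, i+1, line)
		}
		out = append(out, line)
	}
	if len(out) == 0 {
		return nil, fmt.Errorf("%s: no proxies listed", value)
	}
	return out, nil
}

// selectProxy tries the candidates in order and returns the first one probe accepts, along
// with the reasons the earlier ones were skipped. When none works it returns an error rather
// than an empty string, so the caller exits non-zero instead of silently scanning unproxied.
func selectProxy(candidates []string, probe func(string) error) (string, []error, error) {
	var skipped []error
	for _, c := range candidates {
		if err := probe(c); err != nil {
			skipped = append(skipped, fmt.Errorf("%s: %w", c, err))
			continue
		}
		return c, skipped, nil
	}
	return "", skipped, fmt.Errorf("none of the %d configured proxies is usable", len(candidates))
}

// tcpReachable is the minimal probe used here: a TCP dial to the proxy host with a deadline.
// A real implementation would also complete the SOCKS or HTTP CONNECT handshake.
func tcpReachable(proxyURL string, timeout time.Duration) error {
	u, _ := url.Parse(proxyURL) // already validated by isProxyURL
	conn, err := net.DialTimeout("tcp", u.Host, timeout)
	if err != nil {
		return err
	}
	return conn.Close()
}

func main() { // usage: proxyselect <proxy-url-or-file>
	candidates, err := proxyCandidates(os.Args[1], os.ReadFile)
	if err != nil {
		fmt.Fprintln(os.Stderr, "[ERR]", err)
		os.Exit(1)
	}
	chosen, skipped, err := selectProxy(candidates, func(p string) error { return tcpReachable(p, 5*time.Second) })
	for _, s := range skipped {
		fmt.Fprintln(os.Stderr, "[WRN] skipping proxy:", s)
	}
	if err != nil {
		fmt.Fprintln(os.Stderr, "[ERR]", err)
		os.Exit(1)
	}
	// Proposal step: export the working proxy so downstream HTTP clients pick it up too;
	// a Setenv failure is logged and ignored, as the proposal says.
	if err := os.Setenv("HTTP_PROXY", chosen); err != nil {
		fmt.Fprintln(os.Stderr, "[VER] could not set HTTP_PROXY:", err)
	}
	fmt.Println("[INF] using proxy", chosen)
}
```

Run it as `go run proxyselect.go socks5://user:pass@proxyhost:1080` or `go run proxyselect.go proxies.txt`. Keeping the probe injectable is what makes the fall-through order testable offline, and returning an error from selectProxy rather than an empty string is the design point from the reply above: a script that wants to fall back to no proxy does so on the exit code, never by the tool quietly dropping the flag.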

@LuitelSamikshya self-assigned this Oct 14, 2021
@LuitelSamikshya linked a pull request Oct 21, 2021 that will close this issue
@forgedhallpass added the Status: In Progress label Oct 25, 2021
@forgedhallpass changed the title from "[feature] Checking socks5 proxy before launching a scan" to "Checking socks5 proxy before launching a scan" Oct 26, 2021
@forgedhallpass added the Status: Review Needed label and removed Status: In Progress Oct 26, 2021
LuitelSamikshya added a commit that referenced this issue Nov 5, 2021
* "#issue1001"

* changes for #issue1001

* minor changes

* minor

* flag consolidation and proxy file #issue1001

* readme changes

* review changes

* environment variable changes

* review comment changes

* review changes

* removed commented out code
ehsandeep added a commit that referenced this issue Nov 5, 2021
ehsandeep added a commit that referenced this issue Nov 5, 2021
Revert "feat: Checking socks5 proxy before launching a scan #1001"
@ehsandeep added the Status: Completed label and removed Status: Review Needed Nov 5, 2021
@ehsandeep linked a pull request Nov 5, 2021 that will close this issue
ehsandeep added a commit that referenced this issue Nov 6, 2021
ehsandeep added a commit that referenced this issue Nov 10, 2021
* Proxy validation and list input support

Co-authored-by: Sajad Parra <parrasajad@gmail.com>
Co-authored-by: sandeep <sandeep@projectdiscovery.io>
@ehsandeep ehsandeep added this to the v2.5.4 milestone Nov 10, 2021