How to use the headless waitevent action? #4461

LuD1161 · 2023-12-04T10:40:53Z

Initial thoughts

Discussing internally I got to know the following -
This is the method, in go-rod lib causing this err:

// ParseMethodName to domain and name
func ParseMethodName(method string) (domain, name string) {
	arr := strings.Split(method, ".")
	return arr[0], arr[1]
}

Discussed in #4411

^{Originally posted by tovask November 23, 2023}
The waitevent action does not work for me, can somebody give me an example how to use it?

I tried with a simple template:

id: waitevent
info:
    name: WaitEvent test
    severity: info
    author: Levente Kovats

headless:
  - steps:
      - action: navigate  
        args:
          url: "{{BaseURL}}"
      
      - action: waitevent
        args:
            event: 'Page.loadEventFired'

but Nuclei exited with an error:

$ ./nuclei -disable-update-check -headless -target https://imdb.com/ -templates waitevent.yaml -v -matcher-status

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.0.4

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[WRN] Template redirect_bug is not signed or tampered
[INF] Current nuclei version: v3.0.4 (outdated)
[INF] Current nuclei-templates version:  (outdated)
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1
panic: runtime error: index out of range [1] with length 1

goroutine 24 [running]:
github.com/go-rod/rod/lib/proto.ParseMethodName(...)
	github.com/go-rod/rod@v0.114.0/lib/proto/a_interface.go:48
github.com/go-rod/rod.(*Browser).eachEvent(0xc0009c4550?, {0xc00050aa60, 0x20}, {0xc001c35278, 0x1, 0x0?})
	github.com/go-rod/rod@v0.114.0/browser.go:366 +0x4fe
github.com/go-rod/rod.(*Browser).waitEvent(0xc000ff8168?, {0xc00050aa60, 0x20}, {0x3211f40?, 0xc000ea7420?})
	github.com/go-rod/rod@v0.114.0/browser.go:348 +0x3a5
github.com/go-rod/rod.(*Page).WaitEvent(0xc00056e160, {0x3211f40, 0xc000ea7420})
	github.com/go-rod/rod@v0.114.0/page.go:564 +0x1b3
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine.(*Page).WaitEvent(0xc00248a240, 0xc000fff920?, 0xc00248ab40?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine/page_actions.go:574 +0x14b
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine.(*Page).ExecuteActions(0xc00248a240, 0x16?, {0xc001b89220, 0x2, 0x0?}, 0x0?)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine/page_actions.go:72 +0x51b
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine.(*Instance).Run(0xc001c0ef40, 0xc000d046c0, {0xc001b89220, 0x2, 0x2}, 0xc000da9a40, 0xc000d04798)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine/page.go:139 +0x846
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).executeRequestWithPayloads(0xc0000b0300, 0xc000d046c0, 0x280167c?, 0x7?, 0xc000d046f0)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/request.go:142 +0x236
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).ExecuteWithResults(0xc0000b0300, 0xc000ff81c8?, 0xc000da94a0, 0x0?, 0xc000da9680)
	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/request.go:90 +0x637
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0xc000fffe30, 0xc000d046a8, 0xc001c0ee80)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic/exec.go:54 +0x2d3
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0xc000d17d80, 0xc000d046a8)
	github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/exec.go:147 +0x203
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x1cf0687?, 0x0?, 0xc000da8a80)
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:128 +0x1d3
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 23
	github.com/projectdiscovery/nuclei/v3/pkg/core/executors.go:105 +0x4f1

Any idea?

Refs:

https://docs.projectdiscovery.io/templates/protocols/headless#waitevent
Headless event hooks #1793

nuclei/pkg/protocols/headless/engine/page_actions.go

Lines 553 to 576 in 8d7bbdd

    
           // WaitEvent waits for an event to happen on the page. 
        
           func (p *Page) WaitEvent(act *Action, out map[string]string /*TODO review unused parameter*/) error { 
        
           	event := p.getActionArgWithDefaultValues(act, "event") 
        
           	if event == "" { 
        
           		return errors.New("event not recognized") 
        
           	} 
        
           	protoEvent := &protoEvent{event: event} 
        
           	// Uses another instance in order to be able to chain the timeout only to the wait operation 
        
           	pageCopy := p.page 
        
           	timeout := p.getActionArg(act, "timeout") 
        
           	if timeout != "" { 
        
           		ts, err := strconv.Atoi(timeout) 
        
           		if err != nil { 
        
           			return errors.Wrap(err, "could not get timeout") 
        
           		} 
        
           		if ts > 0 { 
        
           			pageCopy = p.page.Timeout(time.Duration(ts) * time.Second) 
        
           		} 
        
           	} 
        
           	// Just wait the event to happen 
        
           	pageCopy.WaitEvent(protoEvent)() 
        
           	return nil 
        
           }

https://github.com/go-rod/rod/blob/167ecc0d37408d3a9ee8bb21bfc4bc8b4b336a86/page.go#L561-L565
https://github.com/go-rod/rod/blob/167ecc0d37408d3a9ee8bb21bfc4bc8b4b336a86/lib/proto/definitions.go#L803
https://github.com/go-rod/rod/blob/167ecc0d37408d3a9ee8bb21bfc4bc8b4b336a86/lib/proto/a_interface.go#L48

The text was updated successfully, but these errors were encountered:

tarunKoyalwar · 2023-12-05T21:48:14Z

@LuD1161 @tovask the issue is fixed now in PR linked to this issue with some enchancements and here's how to use it

Example Template

id: headless-waitevent

info:
    name: WaitEvent
    severity: info
    author: pdteam

headless:
  - steps:
      # note waitevent must be used before navigating to any page
      # unlike waitload
      - action: waitevent
        args:
            event: 'Page.loadEventFired'
            max-duration: 15s

      - action: navigate  
        args:
          url: "{{BaseURL}}/"

    matchers:
      - type: word
        words:
          - "<html>"

Nuclei run

./nuclei -u https://imdb.com -headless -v -t integration_tests/protocols/headless/headless-waitevent.yaml 

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.1.0

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[INF] Current nuclei version: v3.1.0 (latest)
[INF] Current nuclei-templates version: v9.7.1 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 0
[INF] Templates loaded for current scan: 1
[WRN] Executing 1 unsigned templates. Use with caution.
[INF] Targets loaded for current scan: 1
[VER] Sent Headless request to https://imdb.com/
[headless-waitevent] [headless] [info] https://imdb.com/

tarunKoyalwar self-assigned this Dec 5, 2023

tarunKoyalwar mentioned this issue Dec 5, 2023

headless: fix panic + refactor waitevent action #4465

Merged

ehsandeep closed this as completed in #4465 Dec 6, 2023

ehsandeep added this to the nuclei v3.1.1 milestone Dec 6, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to use the headless waitevent action? #4461

How to use the headless waitevent action? #4461

LuD1161 commented Dec 4, 2023

tarunKoyalwar commented Dec 5, 2023

Example Template

Nuclei run

How to use the headless waitevent action? #4461

How to use the headless waitevent action? #4461

Comments

LuD1161 commented Dec 4, 2023

Initial thoughts

Discussed in #4411

tarunKoyalwar commented Dec 5, 2023

Example Template

Nuclei run