Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Add More Global Variables #491

Closed
0xAwali opened this issue Jan 25, 2021 · 6 comments · Fixed by #935
Closed

[Feature] Add More Global Variables #491

0xAwali opened this issue Jan 25, 2021 · 6 comments · Fixed by #935
Assignees
@parrasajad
Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
v2.5.0

Comments

@0xAwali
Copy link

0xAwali commented Jan 25, 2021
edited by sync-by-unito bot
Loading

It Is Possible To Add More Global Variables In Row Request , You Only Declared {{Hostname}} And {{BaseURL}} So It Will Be A Great If You Add More e.g. Jaeles Project Declares

Screenshot!UNITO-UNDERSCORE!2021-01-25!UNITO-UNDERSCORE!04-46-46

So You Can Add e.g.

{{Path}} It Will Help Us If We Need Do Action On Specific Endpoint e.g. Use It To Spoof Origin Endpoint By Using Header e.g. X-Original-URL: {{Path}}

{{Parameters}} It Will Help Us If We Need To Control On GET Queries OR POST Body e.g. Change Request From GET To POST Or Vice Versa

{{CustomHeader}} It Will Help Us If We Need To Add Custom Headers From stdin

Also It Will Be A Great If You Add UpdateLength Option To Help Us To Control On Content-Length Header , That Will Be Awesome While Doing HTTP Request Smuggler e.g. If I Set -UpdateLength 6 Then Content-Length Header Will Be Like This Content-Length: 6 And If I Set -UpdateLength All Then Content-Length Header Will Be Length Of The Whole Body Of Request
@ehsandeep ehsandeep added Type: Discussion Some ideas need to be planned and disucssed to come to a strategy. Type: Enhancement Most issues will probably ask for additions or changes. labels Jan 26, 2021
@99red
Copy link

99red commented Feb 17, 2021

I second this. Also {{.Proto}} for http/https.

@sudo-jtcsec
Copy link

Ive run into this as well, for wanting to use full paths in templates. The list of Jaeles Project Declares would be awesome to have available!

@ehsandeep ehsandeep changed the title Add More Global Variables [Feature] Add More Global Variables May 13, 2021
@ehsandeep ehsandeep added enhancement and removed Type: Enhancement Most issues will probably ask for additions or changes. labels May 26, 2021
@Mzack9999
Copy link
Member

This should be covered in #641 (still in development) as all the above are accessible through the scripting engine.

@ehsandeep ehsandeep added this to To do in v2.5.0 Jul 25, 2021
@parrasajad parrasajad self-assigned this Aug 10, 2021
This was referenced Aug 11, 2021
Closed
Merged
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Type: Discussion Some ideas need to be planned and disucssed to come to a strategy. labels Aug 13, 2021
@ehsandeep
Copy link
Member

@0xAwali @99red @sudo-jtcsec

This is now supported in dev version:-

Newly added Global variables:-

  • {{RootURL}}
  • {{Host}}
  • {{Port}}
  • {{Path}}
  • {{Scheme}}

Template example:-

id: basic-example

info:
  name: Test HTTP Template
  author: pdteam
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    headers:
      A: '{{BaseURL}}'
      B: '{{RootURL}}'
      C: '{{Hostname}}'
      D: '{{Host}}'
      E: '{{Port}}'
      F: '{{Scheme}}'
      G: '{{Path}}'

Example output:-

echo http://www.example.com:80/test/aa?a=b | ./nuclei -t test.yaml -debug-req

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   2.4.4-dev

    projectdiscovery.io

[INF] Using Nuclei Engine 2.4.4-dev (development)
[INF] Using Nuclei Templates 8.4.5 (latest)
[INF] Using Interactsh Server https://interact.sh
[INF] Templates loaded: 1 (New: 25)
[INF] [basic-example] Dumped HTTP request for http://www.example.com:80/test/aa?a=b

GET /test/aa?a=b/ HTTP/1.1
Host: www.example.com:80
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1866.237 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
A: http://www.example.com:80/test/aa?a=b
B: http://www.example.com:80
C: www.example.com:80
D: www.example.com
E: 80
F: http
G: /test/aa

[INF] No results found. Better luck next time!

@ehsandeep ehsandeep linked a pull request Aug 13, 2021 that will close this issue
Add Additional Generic Url Variables #935
Merged
@ehsandeep ehsandeep moved this from To do to Done in v2.5.0 Aug 13, 2021
@0xAwali
Copy link
Author

0xAwali commented Aug 13, 2021

Thank You 💖

@forgedhallpass forgedhallpass added Type: Enhancement Most issues will probably ask for additions or changes. and removed enhancement labels Oct 7, 2021
@hdbreaker
Copy link

Hi team, I'm also need to take control in GET/POST Parameters, there is a Global Variable for that? How can por example if my request is to site.com/sqli.php?vulnerableID=1 just use all the URL complete

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@parrasajad parrasajad

Labels
Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
No open projects
v2.5.0
Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Additional Generic Url Variables wdahlenburg/nuclei
8 participants
@hdbreaker @ehsandeep @Mzack9999 @forgedhallpass @parrasajad @0xAwali @99red @sudo-jtcsec