Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

automerge url parameters from input and templates #3010

Merged
merged 4 commits into from
Dec 13, 2022
Merged

automerge url parameters from input and templates #3010

merged 4 commits into from
Dec 13, 2022

Conversation

tarunKoyalwar
Copy link
Member

@tarunKoyalwar tarunKoyalwar commented Dec 9, 2022
edited
Loading

Proposed changes

  • Currently when input has parameters they don't merge with template path and url parameters as discussed in
    Auto-Merge Parameters and Paths #1392
  • Now parameters are added instead of replacing any existing parameters.
    Ex: https://scanme.sh/?user=pd | nuclei -t some-template.yaml
    final url if some-template.yaml adds user=admin would be
    https://scanme.sh/?user=pd&user=admin
  • This also applies for Raw requests .

Can be Validated Using

echo "https://scanme.sh/admin/?user=pd" | go run . -t automerge-params.yaml -silent

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@tarunKoyalwar
Copy link
Member Author

tarunKoyalwar commented Dec 9, 2022
edited
Loading

Example Template to validate

id: automerge-parmas

info:
  name: Automerge templates
  author: pdtm
  severity: low
  description: Information Disclosure of Garbage Collection
  tags: exposure,devops,python

requests:
  - method: GET
    path:
      - "{{BaseURL}}/metrics"
      - "{{BaseURL}}?user=admin&key=val"
      - "{{BaseURL}}/?user=admin"
      - "{{BaseURL}}/django/?user=admin"
    matchers:
      - type: status
        status:
          - 200

  - raw:
      - |
        GET /?user=admin HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
      - |
        GET /admin?user=scanme HTTP/1.1
        Host: {{Hostname}}
        Origin: {{BaseURL}}
      - |
        GET https://{{Hostname}}/admin HTTP/1.1
        Host: {{Hostname}}
      - |
        GET ?user=scanme HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: status
        status:
          - 200

@tarunKoyalwar tarunKoyalwar marked this pull request as draft December 9, 2022 15:45
@tarunKoyalwar tarunKoyalwar self-assigned this Dec 9, 2022
@tarunKoyalwar tarunKoyalwar linked an issue Dec 9, 2022 that may be closed by this pull request
Disable encode query parameters by default when sending HTTP request in fuzzing template #2698
Closed
@tarunKoyalwar tarunKoyalwar added Type: Enhancement Most issues will probably ask for additions or changes. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. labels Dec 9, 2022
@ehsandeep ehsandeep linked an issue Dec 9, 2022 that may be closed by this pull request
Auto merge parameters and paths #3013
Closed
@tarunKoyalwar
Copy link
Member Author

Automerge Params

  • Parameters will now be automerged (base request/raw request) regardless if param is given in input or template .
  • Parameters are added instead of being replaced with precedence given to input (As shown below).
echo "https://scanme.sh/path?user=pd" | go run . -t ~/test/automerge-params.yaml  -silent
[automerge-parmas] [http] [low] https://scanme.sh/path/metrics?user=pd
[automerge-parmas] [http] [low] https://scanme.sh/path?key=val&user=pd&user=admin
[automerge-parmas] [http] [low] https://scanme.sh/path/?user=pd&user=admin
[automerge-parmas] [http] [low] https://scanme.sh/path/django/?user=pd&user=admin
[automerge-parmas] [http] [low] https://scanme.sh/path/?user=pd&user=admin
[automerge-parmas] [http] [low] https://scanme.sh/path/admin?user=pd&user=scanme
[automerge-parmas] [http] [low] https://scanme.sh/path/admin?user=pd
[automerge-parmas] [http] [low] https://scanme.sh/path?user=pd&user=scanme

@tarunKoyalwar tarunKoyalwar marked this pull request as ready for review December 12, 2022 12:51
Mzack9999
Mzack9999 requested changes Dec 12, 2022
View reviewed changes
Copy link
Member

@Mzack9999 Mzack9999 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

suggesting small code refactor + extra new lines

v2/pkg/protocols/http/utils/url.go Outdated Show resolved Hide resolved
v2/pkg/protocols/http/utils/url.go Outdated Show resolved Hide resolved
v2/pkg/protocols/http/utils/url_test.go Outdated Show resolved Hide resolved
v2/pkg/protocols/http/utils/url.go Outdated Show resolved Hide resolved
@ehsandeep ehsandeep removed a link to an issue Dec 13, 2022
Disable encode query parameters by default when sending HTTP request in fuzzing template #2698
Closed
@ehsandeep ehsandeep merged commit a5b39dc into dev Dec 13, 2022
@ehsandeep ehsandeep deleted the issue-2698-automerge-parameters branch December 13, 2022 06:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Mzack9999 Mzack9999 Mzack9999 approved these changes

Assignees

@tarunKoyalwar tarunKoyalwar

Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Auto merge parameters and paths
3 participants
@tarunKoyalwar @ehsandeep @Mzack9999