
feat(headless): add ActionWaitDialog type #5545

Open. Wants to merge 8 commits into base: dev

Conversation

@dwisiswant0 (Member) commented Aug 19, 2024

Proposed changes

Close #5526

How has this been tested?

$ go test -v ./pkg/protocols/headless/engine/... -run "^TestActionWaitDialog$"
=== RUN   TestActionWaitDialog
=== RUN   TestActionWaitDialog/Triggered
=== RUN   TestActionWaitDialog/Invalid
--- PASS: TestActionWaitDialog (2.02s)
    --- PASS: TestActionWaitDialog/Triggered (0.64s)
    --- PASS: TestActionWaitDialog/Invalid (1.38s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine	(cached)

Proof

# headless-waitdialog-action.yaml
id: headless-waitdialog-action

info:
  name: Headless Wait Dialog Action
  author: dwisiswant0
  severity: info
  tags: headless,test,xss

headless:
  - steps:
      - action: navigate
        args:
          url: "{{BaseURL}}/?_={{url_encode(concat('<script>', dialog, '</script>'))}}"

      # The 'name' property needs to be defined so that the output variable can
      # be exposed and used later by matchers or extractors.
      - action: waitdialog
        name: alert
        args:
          max-duration: 10ms # it doesn't take a long time to trigger a dialog.

        # Output variables of ActionWaitDialog:
        # * NAME (boolean), indicator of JavaScript dialog triggered.
        # * NAME_type (string), dialog type (alert, confirm, prompt, or
        #   onbeforeunload).
        # * NAME_message (string), displayed message dialog.

    payloads:
      dialog:
        - alert(1)
        - invalidX(1)
        - confirm(1)
        - invalidY(1)
        - prompt(1)
        - invalidZ(1)
        - window.onbeforeunload = () => { return 'ya sure?' }; # nope (unless *Page.Close)

    matchers:
      - type: dsl
        dsl:
          - alert # short of 'alert == true' expr

    extractors:
      - type: dsl
        dsl:
          - "'type: ' + alert_type"
          - "'message: ' + alert_message"
$ go run cmd/nuclei/main.go -headless -t headless-waitdialog-action.yaml -u http://honey.scanme.sh
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_= ["type: alert","message: 1"]
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_= ["message: 1","type: confirm"]
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_= ["type: prompt","message: 1"]

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@dwisiswant0 dwisiswant0 marked this pull request as draft August 19, 2024 06:06
@dwisiswant0 dwisiswant0 marked this pull request as ready for review August 19, 2024 06:40
@dwisiswant0 dwisiswant0 changed the title feat(headless): add action wait dialog type feat(headless): add ActionWaitDialog type Aug 19, 2024
@Ice3man543 (Member) left a comment

lgtm, very nice work 👍

@ehsandeep (Member) left a comment

  • panic upon CTRL C
 $ echo http://honey.scanme.sh | ./nuclei -t test.yaml  -headless

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.1

		projectdiscovery.io

[INF] Current nuclei version: v3.3.1 (outdated)
[INF] Current nuclei-templates version: v9.9.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 56
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
^C[INF] CTRL C pressed: Exiting
[INF] Attempting graceful shutdown...
panic: interface conversion: interface {} is nil, not string

goroutine 27 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).executeRequestWithPayloads(0x14000f6ae00, 0x140007f7230, 0x140015109a0?, 0x6?, 0x140008baaf8)
	/Users/geekboy/Github/nuclei/pkg/protocols/headless/request.go:186 +0x12fc
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).ExecuteWithResults(0x14000f6ae00, 0x14000057248?, 0x140007f6b70, 0x100af5864?, 0x140007f7500)
	/Users/geekboy/Github/nuclei/pkg/protocols/headless/request.go:87 +0x490
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0x14000958f90, 0x14000961680)
	/Users/geekboy/Github/nuclei/pkg/tmplexec/generic/exec.go:61 +0x28c
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0x14000d11300, 0x14000961680)
	/Users/geekboy/Github/nuclei/pkg/tmplexec/exec.go:199 +0x340
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x14ec690?, 0x40?, 0x14000d11540)
	/Users/geekboy/Github/nuclei/pkg/core/executors.go:139 +0x1b0
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 26
	/Users/geekboy/Github/nuclei/pkg/core/executors.go:115 +0x478
  • disable cert validation in headless? not sure if we do this but I don't find results when running with https://honey.scanme.sh that has expired cert.
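The waitdialog output variables described in the template comments above, together with the nil-interface panic shown in the trace, as an added Go example that is not code from this PR or from nuclei itself: a stand-in WaitDialog models the max-duration wait and the NAME / NAME_type / NAME_message outputs, and OutputString reads those outputs without an unchecked type assertion. DialogEvent, WaitDialog and OutputString are assumed names; nuclei's real implementation listens to the browser's dialog events and is not reproduced here.

```go
package main

import (
	"fmt"
	"time"
)

// DialogEvent is a constructed stand-in for a browser "JavaScript dialog
// opening" event (type: alert, confirm, prompt, or beforeunload).
type DialogEvent struct {
	Type    string
	Message string
}

// WaitDialog waits up to maxDuration for a dialog event and returns output
// variables in the shape the template consumes:
// NAME (bool), NAME_type (string), NAME_message (string).
// On timeout only NAME=false is set; the other keys are absent, which is why
// a consumer must not type-assert them unconditionally.
func WaitDialog(events <-chan DialogEvent, name string, maxDuration time.Duration) map[string]interface{} {
	out := map[string]interface{}{}
	select {
	case ev := <-events:
		out[name] = true
		out[name+"_type"] = ev.Type
		out[name+"_message"] = ev.Message
	case <-time.After(maxDuration):
		out[name] = false
	}
	return out
}

// OutputString reads a string output variable with the two-value type
// assertion: a missing key yields "" instead of the
// "interface {} is nil, not string" panic class seen in the trace above.
func OutputString(out map[string]interface{}, key string) string {
	s, _ := out[key].(string)
	return s
}

func main() {
	events := make(chan DialogEvent, 1)
	events <- DialogEvent{Type: "alert", Message: "1"} // constructed sample event
	out := WaitDialog(events, "alert", 10*time.Millisecond)
	fmt.Printf("alert=%v type=%q message=%q\n", out["alert"], OutputString(out, "alert_type"), OutputString(out, "alert_message"))

	// Timed-out case: no dialog fires within max-duration, so only alert=false is set.
	out = WaitDialog(make(chan DialogEvent), "alert", 10*time.Millisecond)
	fmt.Printf("alert=%v type=%q\n", out["alert"], OutputString(out, "alert_type"))
}
```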

also implement it

Signed-off-by: Dwi Siswanto <[email protected]>
also:
* expose `err` from `*proto.PageHandleJavaScriptDialog`
* conditional ActionData assignment based on

Signed-off-by: Dwi Siswanto <[email protected]>
to `header` & `status_code`

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0 (Member, Author)

  • disable cert validation in headless? [...]

@ehsandeep - To your answer #5550 (comment)

Successfully merging this pull request may close these issues.

Add dialog handler for headless protocol