Add dialog handler for headless protocol

[dwisiswant0]

I've been bugged for ages by how the engine handles XSS payload detection. It’s such a pain having to add specific matchers for each server or target technology.

A recent discussion¹ brought back all those annoying memories. I get that it’s all about improving accuracy and avoiding false positives, which I completely understand, but it makes things way more complicated than they²³ need to be.

Since the engine supports headless browsers, I think we have a chance to fix this. By using headless browsers, we can avoid increasing the workload⁴ for users.

I was looking through the rod docs and found that it has a *Page.HandleDialog method that looks perfect for this. This method can accurately detect if an XSS payload is triggered, giving us consistent true positives.

Integrating this method into the engine could make things a lot easier for users. We'd no longer need to mess around with those unique matchers, and we'd still maintain the high level of accuracy needed for detecting XSS payloads. This change would make the engine much more efficient, which would be a huge win for everyone.

Footnotes

1. https://github.com/projectdiscovery/nuclei-templates/discussions/10529 ↩

2. http/cves/2022/CVE-2022-26263.yaml template. ↩

3. headless/cves/2018/CVE-2018-25031.yaml template. ↩

4. Researching the target through Shodan or even setting up a vulnerable lab environment — just to see what's unique inside it. 😒 ↩