Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(headless): add ActionWaitDialog type #5545

Merged
merged 10 commits into from
Sep 2, 2024
Merged

feat(headless): add ActionWaitDialog type #5545

merged 10 commits into from
Sep 2, 2024

Conversation

dwisiswant0
Copy link
Member

@dwisiswant0 dwisiswant0 commented Aug 19, 2024
edited
Loading

Proposed changes

Close #5526

How has this been tested?

$ go test -v ./pkg/protocols/headless/engine/... -run "^TestActionWaitDialog$"
=== RUN   TestActionWaitDialog
=== RUN   TestActionWaitDialog/Triggered
=== RUN   TestActionWaitDialog/Invalid
--- PASS: TestActionWaitDialog (2.02s)
    --- PASS: TestActionWaitDialog/Triggered (0.64s)
    --- PASS: TestActionWaitDialog/Invalid (1.38s)
PASS
ok  	github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless/engine	(cached)

Proof

# headless-waitdialog-action.yaml
id: headless-waitdialog-action

info:
  name: Headless Wait Dialog Action
  author: dwisiswant0
  severity: info
  tags: headless,test,xss

headless:
  - steps:
      - action: navigate
        args:
          url: "{{BaseURL}}/?_={{url_encode(concat('<script>', dialog, '</script>'))}}"

      # The 'name' property needs to be defined so that the output variable can
      # be exposed and used later by matchers or extractors.
      - action: waitdialog
        name: alert
        args:
          max-duration: 10ms # it doesn't take a long time to trigger a dialog.

        # Output variables of ActionWaitDialog:
        # * NAME (boolean), indicator of JavaScript dialog triggered.
        # * NAME_type (string), dialog type (alert, confirm, prompt, or
        #   onbeforeunload).
        # * NAME_message (string), displayed message dialog.

    payloads:
      dialog:
        - alert(1)
        - invalidX(1)
        - confirm(1)
        - invalidY(1)
        - prompt(1)
        - invalidZ(1)
        - window.onbeforeunload = () => { return 'ya sure?' }; # nope (unless *Page.Close)

    matchers:
      - type: dsl
        dsl:
          - alert # short of 'alert == true' expr

    extractors:
      - type: dsl
        dsl:
          - "'type: ' + alert_type"
          - "'message: ' + alert_message"

$ go run cmd/nuclei/main.go -headless -t headless-waitdialog-action.yaml -u http://honey.scanme.sh
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_=%3Cscript%3Ealert%281%29%3C%2Fscript%3E ["type: alert","message: 1"]
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_=%3Cscript%3Econfirm%281%29%3C%2Fscript%3E ["message: 1","type: confirm"]
[headless-waitdialog-action] [headless] [info] http://honey.scanme.sh/?_=%3Cscript%3Eprompt%281%29%3C%2Fscript%3E ["type: prompt","message: 1"]

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

@dwisiswant0 dwisiswant0 marked this pull request as draft August 19, 2024 06:06
@dwisiswant0 dwisiswant0 marked this pull request as ready for review August 19, 2024 06:40
@dwisiswant0 dwisiswant0 changed the title feat(headless): add action wait dialog type feat(headless): add ActionWaitDialog type Aug 19, 2024
Ice3man543
Ice3man543 approved these changes Aug 19, 2024
View reviewed changes
Copy link
Member

@Ice3man543 Ice3man543 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm, very nice work 👍

ehsandeep
ehsandeep requested changes Aug 21, 2024
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment
edited by dwisiswant0
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • panic upon CLT +C
 $ echo http://honey.scanme.sh | ./nuclei -t test.yaml  -headless

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.1

		projectdiscovery.io

[INF] Current nuclei version: v3.3.1 (outdated)
[INF] Current nuclei-templates version: v9.9.3 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 56
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
^C[INF] CTRL+C pressed: Exiting
[INF] Attempting graceful shutdown...
panic: interface conversion: interface {} is nil, not string

goroutine 27 [running]:
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).executeRequestWithPayloads(0x14000f6ae00, 0x140007f7230, 0x140015109a0?, 0x6?, 0x140008baaf8)
	/Users/geekboy/Github/nuclei/pkg/protocols/headless/request.go:186 +0x12fc
github.com/projectdiscovery/nuclei/v3/pkg/protocols/headless.(*Request).ExecuteWithResults(0x14000f6ae00, 0x14000057248?, 0x140007f6b70, 0x100af5864?, 0x140007f7500)
	/Users/geekboy/Github/nuclei/pkg/protocols/headless/request.go:87 +0x490
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec/generic.(*Generic).ExecuteWithResults(0x14000958f90, 0x14000961680)
	/Users/geekboy/Github/nuclei/pkg/tmplexec/generic/exec.go:61 +0x28c
github.com/projectdiscovery/nuclei/v3/pkg/tmplexec.(*TemplateExecuter).Execute(0x14000d11300, 0x14000961680)
	/Users/geekboy/Github/nuclei/pkg/tmplexec/exec.go:199 +0x340
github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2.1(0x14ec690?, 0x40?, 0x14000d11540)
	/Users/geekboy/Github/nuclei/pkg/core/executors.go:139 +0x1b0
created by github.com/projectdiscovery/nuclei/v3/pkg/core.(*Engine).executeTemplateWithTargets.func2 in goroutine 26
	/Users/geekboy/Github/nuclei/pkg/core/executors.go:115 +0x478
  • disable cert validation in headless? not sure if we do this but I don't find results when running with https://honey.scanme.sh that has expired cert.

@dwisiswant0 dwisiswant0 requested a review from ehsandeep August 21, 2024 03:43
@dwisiswant0 dwisiswant0 force-pushed the dwisiswant0/feat/headless/add-ActionWaitDialog-type branch from 6ee5d39 to d1d91d5 Compare August 21, 2024 03:48
@dwisiswant0 dwisiswant0 mentioned this pull request Aug 21, 2024
Closed
@dwisiswant0
Copy link
Member Author

  • disable cert validation in headless? [...]

@ehsandeep - To your answer #5550 (comment)

@dwisiswant0 dwisiswant0 marked this pull request as draft August 23, 2024 08:42
@dwisiswant0
feat(headless): add dialog action type
767274a 
also implement it

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
refactor(headless): add ActionData for action output datas
800088d 
Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
refactor(headless): rm value arg for *Page.HandleDialog
7c884cd 
also:
* expose `err` from \*proto.PageHandleJavaScriptDialog`
* conditional ActionData assignment based on

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
refactor(headless): rename to ActionWaitDialog
0f33b1a 
Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
test(headless): fix mismatch assertion of src output of `ActionGetR…
b6b1757 
…esource`

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
test(headless): add TestActionWaitDialog test case
160f422 
Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
feat(headless): add GetActionDataWithDefault generic func
fa12e0d 
Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
feat(headless): implement GetActionDataWithDefault
09fa3d3 
to `header` & `status_code`

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
refactor(headless): use mapsutil.Map instead
99d191f 
Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0
Revert "feat(headless): add GetActionDataWithDefault generic func"
84e8573 
This reverts commit fa12e0d.
@dwisiswant0 dwisiswant0 force-pushed the dwisiswant0/feat/headless/add-ActionWaitDialog-type branch from d1d91d5 to 84e8573 Compare August 23, 2024 11:06
@dwisiswant0 dwisiswant0 marked this pull request as ready for review August 23, 2024 11:06
@auto-assign auto-assign bot requested a review from dogancanbakir August 23, 2024 11:06
ehsandeep
ehsandeep approved these changes Sep 2, 2024
View reviewed changes
Copy link
Member

@ehsandeep ehsandeep left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@dwisiswant0 this will make things much easier!

we can also update the docs at - https://docs.projectdiscovery.io/templates/protocols/headless

@ehsandeep ehsandeep merged commit 841d891 into dev Sep 2, 2024
12 checks passed
@ehsandeep ehsandeep deleted the dwisiswant0/feat/headless/add-ActionWaitDialog-type branch September 2, 2024 09:59
@dwisiswant0 dwisiswant0 mentioned this pull request Sep 2, 2024
Merged
@dogancanbakir dogancanbakir mentioned this pull request Sep 4, 2024
Merged
@BrewTestBot BrewTestBot mentioned this pull request Sep 4, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ehsandeep ehsandeep ehsandeep approved these changes

@Ice3man543 Ice3man543 Ice3man543 approved these changes

@dogancanbakir dogancanbakir dogancanbakir approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add dialog handler for headless protocol
4 participants
@dwisiswant0 @ehsandeep @Ice3man543 @dogancanbakir