http

package
v3.3.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 18, 2024 License: MIT Imports: 69 Imported by: 0

Documentation

Index

Constants

View Source
const CRLF = "\r\n"
View Source
const (
	Once flowMark = iota
)
View Source
const (
	ReqURLPatternKey = "req_url_pattern"
)
View Source
const (
	SetThreadToCountZero = "set-thread-count-to-zero"
)

Variables

View Source
var (
	ErrEvalExpression = errorutil.NewWithTag("expr", "could not evaluate helper expressions")
	ErrUnresolvedVars = errorutil.NewWithFmt("unresolved variables `%v` found in request")
)

ErrEvalExpression

View Source
var (
	MaxBodyRead = 10 * unitutils.Mega
	// ErrMissingVars is error occured when variables are missing
	ErrMissingVars = errkit.New("stop execution due to unresolved variables").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrHttpEngineRequestDeadline is error occured when request deadline set by http request engine is exceeded
	ErrHttpEngineRequestDeadline = errkit.New("http request engine deadline exceeded").SetKind(errkit.ErrKindDeadline).Build()
)
View Source
var (

	// ErrTimeoutAnnotationDeadline is the error returned when a specific amount of time was exceeded for a request
	// which was alloted using @timeout annotation this usually means that vulnerability was not found
	// in rare case it could also happen due to network congestion
	// the assigned class is TemplateLogic since this in almost every case means that server is not vulnerable
	ErrTimeoutAnnotationDeadline = errkit.New("timeout annotation deadline exceeded").SetKind(nucleierr.ErrTemplateLogic).Build()
	// ErrRequestTimeoutDeadline is the error returned when a specific amount of time was exceeded for a request
	// this happens when the request execution exceeds alloted time
	ErrRequestTimeoutDeadline = errkit.New("request timeout deadline exceeded when notimeout is set").SetKind(errkit.ErrKindDeadline).Build()
)
View Source
var ErrNoIgnoreList = errors.New("unknown signature types")
View Source
var HTTPMethodMapping = map[HTTPMethodType]string{
	HTTPGet:     "GET",
	HTTPHead:    "HEAD",
	HTTPPost:    "POST",
	HTTPPut:     "PUT",
	HTTPDelete:  "DELETE",
	HTTPConnect: "CONNECT",
	HTTPOptions: "OPTIONS",
	HTTPTrace:   "TRACE",
	HTTPPatch:   "PATCH",
	HTTPPurge:   "PURGE",
	HTTPDebug:   "DEBUG",
}

HTTPMethodMapping is a table for conversion of method from string.

View Source
var LeaveDefaultPorts = false

LeaveDefaultPorts skips normalization of default standard ports

View Source
var RequestPartDefinitions = map[string]string{
	"template-id":           "ID of the template executed",
	"template-info":         "Info Block of the template executed",
	"template-path":         "Path of the template executed",
	"host":                  "Host is the input to the template",
	"matched":               "Matched is the input which was matched upon",
	"type":                  "Type is the type of request made",
	"request":               "HTTP request made from the client",
	"response":              "HTTP response received from server",
	"status_code":           "Status Code received from the Server",
	"body":                  "HTTP response body received from server (default)",
	"content_length":        "HTTP Response content length",
	"header,all_headers":    "HTTP response headers",
	"duration":              "HTTP request time duration",
	"all":                   "HTTP response body + headers",
	"cookies_from_response": "HTTP response cookies in name:value format",
	"headers_from_response": "HTTP response headers in name:value format",
}

RequestPartDefinitions contains a mapping of request part definitions and their description. Multiple definitions are separated by commas. Definitions not having a name (generated on runtime) are prefixed & suffixed by <>.

Functions

func GetDefaultSignerVars

func GetDefaultSignerVars(signatureType SignatureType) map[string]interface{}

GetDefaultSignerVars returns the default signer variables

func GetVariablesNamesSkipList

func GetVariablesNamesSkipList(signature SignatureType) map[string]interface{}

GetVariablesNamesSkipList depending on the signature type

Types

type HTTPMethodType

type HTTPMethodType int

HTTPMethodType is the type of the method specified

const (
	// name:GET
	HTTPGet HTTPMethodType = iota + 1
	// name:HEAD
	HTTPHead
	// name:POST
	HTTPPost
	// name:PUT
	HTTPPut
	// name:DELETE
	HTTPDelete
	// name:CONNECT
	HTTPConnect
	// name:OPTIONS
	HTTPOptions
	// name:TRACE
	HTTPTrace
	// name:PATCH
	HTTPPatch
	// name:PURGE
	HTTPPurge
	// name:Debug
	HTTPDebug
)

name:HTTPMethodType

func GetSupportedHTTPMethodTypes

func GetSupportedHTTPMethodTypes() []HTTPMethodType

GetSupportedHTTPMethodTypes returns list of supported types

func (HTTPMethodType) String

func (t HTTPMethodType) String() string

type HTTPMethodTypeHolder

type HTTPMethodTypeHolder struct {
	MethodType HTTPMethodType `mapping:"true"`
}

HTTPMethodTypeHolder is used to hold internal type of the HTTP Method

func (HTTPMethodTypeHolder) JSONSchema

func (holder HTTPMethodTypeHolder) JSONSchema() *jsonschema.Schema

func (*HTTPMethodTypeHolder) MarshalJSON

func (holder *HTTPMethodTypeHolder) MarshalJSON() ([]byte, error)

func (HTTPMethodTypeHolder) MarshalYAML

func (holder HTTPMethodTypeHolder) MarshalYAML() (interface{}, error)

func (HTTPMethodTypeHolder) String

func (holder HTTPMethodTypeHolder) String() string

func (*HTTPMethodTypeHolder) UnmarshalJSON

func (holder *HTTPMethodTypeHolder) UnmarshalJSON(data []byte) error

func (*HTTPMethodTypeHolder) UnmarshalYAML

func (holder *HTTPMethodTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error

type Request

type Request struct {
	// Operators for the current request go here.
	operators.Operators `yaml:",inline" json:",inline"`
	// description: |
	//   Path contains the path/s for the HTTP requests. It supports variables
	//   as placeholders.
	// examples:
	//   - name: Some example path values
	//     value: >
	//       []string{"{{BaseURL}}", "{{BaseURL}}/+CSCOU+/../+CSCOE+/files/file_list.json?path=/sessions"}
	Path []string `` /* 136-byte string literal not displayed */
	// description: |
	//   Raw contains HTTP Requests in Raw format.
	// examples:
	//   - name: Some example raw requests
	//     value: |
	//       []string{"GET /etc/passwd HTTP/1.1\nHost:\nContent-Length: 4", "POST /.%0d./.%0d./.%0d./.%0d./bin/sh HTTP/1.1\nHost: {{Hostname}}\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:71.0) Gecko/20100101 Firefox/71.0\nContent-Length: 1\nConnection: close\n\necho\necho\ncat /etc/passwd 2>&1"}
	Raw []string `yaml:"raw,omitempty" json:"raw,omitempty" jsonschema:"http requests in raw format,description=HTTP Requests in Raw Format"`
	// ID is the optional id of the request
	ID string `yaml:"id,omitempty" json:"id,omitempty" jsonschema:"title=id for the http request,description=ID for the HTTP Request"`
	// description: |
	//  Name is the optional name of the request.
	//
	//  If a name is specified, all the named request in a template can be matched upon
	//  in a combined manner allowing multi-request based matchers.
	Name string `` /* 135-byte string literal not displayed */
	// description: |
	//   Attack is the type of payload combinations to perform.
	//
	//   batteringram is inserts the same payload into all defined payload positions at once, pitchfork combines multiple payload sets and clusterbomb generates
	//   permutations and combinations for all payloads.
	// values:
	//   - "batteringram"
	//   - "pitchfork"
	//   - "clusterbomb"
	AttackType generators.AttackTypeHolder `` /* 216-byte string literal not displayed */
	// description: |
	//   Method is the HTTP Request Method.
	Method HTTPMethodTypeHolder `` /* 255-byte string literal not displayed */
	// description: |
	//   Body is an optional parameter which contains HTTP Request body.
	// examples:
	//   - name: Same Body for a Login POST request
	//     value: "\"username=test&password=test\""
	Body string `` /* 167-byte string literal not displayed */
	// description: |
	//   Payloads contains any payloads for the current request.
	//
	//   Payloads support both key-values combinations where a list
	//   of payloads is provided, or optionally a single file can also
	//   be provided as payload which will be read on run-time.
	Payloads map[string]interface{} `` /* 167-byte string literal not displayed */

	// description: |
	//   Headers contains HTTP Headers to send with the request.
	// examples:
	//   - value: |
	//       map[string]string{"Content-Type": "application/x-www-form-urlencoded", "Content-Length": "1", "Any-Header": "Any-Value"}
	Headers map[string]string `` /* 173-byte string literal not displayed */
	// description: |
	//   RaceCount is the number of times to send a request in Race Condition Attack.
	// examples:
	//   - name: Send a request 5 times
	//     value: "5"
	RaceNumberRequests int `` /* 197-byte string literal not displayed */
	// description: |
	//   MaxRedirects is the maximum number of redirects that should be followed.
	// examples:
	//   - name: Follow up to 5 redirects
	//     value: "5"
	MaxRedirects int `` /* 182-byte string literal not displayed */
	// description: |
	//   PipelineConcurrentConnections is number of connections to create during pipelining.
	// examples:
	//   - name: Create 40 concurrent connections
	//     value: 40
	PipelineConcurrentConnections int `` /* 211-byte string literal not displayed */
	// description: |
	//   PipelineRequestsPerConnection is number of requests to send per connection when pipelining.
	// examples:
	//   - name: Send 100 requests per pipeline connection
	//     value: 100
	PipelineRequestsPerConnection int `` /* 242-byte string literal not displayed */
	// description: |
	//   Threads specifies number of threads to use sending requests. This enables Connection Pooling.
	//
	//   Connection: Close attribute must not be used in request while using threads flag, otherwise
	//   pooling will fail and engine will continue to close connections after requests.
	// examples:
	//   - name: Send requests using 10 concurrent threads
	//     value: 10
	Threads int `` /* 202-byte string literal not displayed */
	// description: |
	//   MaxSize is the maximum size of http response body to read in bytes.
	// examples:
	//   - name: Read max 2048 bytes of the response
	//     value: 2048
	MaxSize int `` /* 166-byte string literal not displayed */

	// Fuzzing describes schema to fuzz http requests
	Fuzzing []*fuzz.Rule `` /* 162-byte string literal not displayed */

	CompiledOperators *operators.Operators `yaml:"-" json:"-"`

	// description: |
	//   SelfContained specifies if the request is self-contained.
	SelfContained bool `yaml:"self-contained,omitempty" json:"self-contained,omitempty"`

	// description: |
	//   Signature is the request signature method
	// values:
	//   - "AWS"
	Signature SignatureTypeHolder `` /* 187-byte string literal not displayed */

	// description: |
	//   CookieReuse is an optional setting that enables cookie reuse for
	//   all requests defined in raw section.
	// Deprecated: This is default now. Use disable-cookie to disable cookie reuse. cookie-reuse will be removed in future releases.
	CookieReuse bool `` /* 162-byte string literal not displayed */

	// description: |
	//   DisableCookie is an optional setting that disables cookie reuse
	DisableCookie bool `` /* 168-byte string literal not displayed */

	// description: |
	//   Enables force reading of the entire raw unsafe request body ignoring
	//   any specified content length headers.
	ForceReadAllBody bool `` /* 159-byte string literal not displayed */
	// description: |
	//   Redirects specifies whether redirects should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	Redirects bool `` /* 172-byte string literal not displayed */
	// description: |
	//   Redirects specifies whether only redirects to the same host should be followed by the HTTP Client.
	//
	//   This can be used in conjunction with `max-redirects` to control the HTTP request redirects.
	HostRedirects bool `` /* 209-byte string literal not displayed */
	// description: |
	//   Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining
	//
	//   All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.
	Pipeline bool `` /* 186-byte string literal not displayed */
	// description: |
	//   Unsafe specifies whether to use rawhttp engine for sending Non RFC-Compliant requests.
	//
	//   This uses the [rawhttp](https://github.com/projectdiscovery/rawhttp) engine to achieve complete
	//   control over the request, with no normalization performed by the client.
	Unsafe bool `` /* 198-byte string literal not displayed */
	// description: |
	//   Race determines if all the request have to be attempted at the same time (Race Condition)
	//
	//   The actual number of requests that will be sent is determined by the `race_count`  field.
	Race bool `` /* 210-byte string literal not displayed */
	// description: |
	//   ReqCondition automatically assigns numbers to requests and preserves their history.
	//
	//   This allows matching on them later for multi-request conditions.
	// Deprecated: request condition will be detected automatically (https://github.com/Jarnpher553/nuclei/issues/2393)
	ReqCondition bool `` /* 187-byte string literal not displayed */
	// description: |
	//   StopAtFirstMatch stops the execution of the requests and template as soon as a match is found.
	StopAtFirstMatch bool `` /* 166-byte string literal not displayed */
	// description: |
	//   SkipVariablesCheck skips the check for unresolved variables in request
	SkipVariablesCheck bool `` /* 179-byte string literal not displayed */
	// description: |
	//   IterateAll iterates all the values extracted from internal extractors
	// Deprecated: Use flow instead . iterate-all will be removed in future releases
	IterateAll bool `` /* 170-byte string literal not displayed */
	// description: |
	//   DigestAuthUsername specifies the username for digest authentication
	DigestAuthUsername string `` /* 209-byte string literal not displayed */
	// description: |
	//   DigestAuthPassword specifies the password for digest authentication
	DigestAuthPassword string `` /* 209-byte string literal not displayed */
	// description: |
	//  DisablePathAutomerge disables merging target url path with raw request path
	DisablePathAutomerge bool `` /* 193-byte string literal not displayed */
	// description: |
	//   Fuzz PreCondition is matcher-like field to check if fuzzing should be performed on this request or not
	FuzzPreCondition []*matchers.Matcher `` /* 221-byte string literal not displayed */
	// description: |
	//  FuzzPreConditionOperator is the operator between multiple PreConditions for fuzzing Default is OR
	FuzzPreConditionOperator string `` /* 205-byte string literal not displayed */
	// contains filtered or unexported fields
}

Request contains a http request to be made from a template

func (*Request) Compile

func (request *Request) Compile(options *protocols.ExecutorOptions) error

Compile compiles the protocol request for further execution.

func (*Request) ExecuteWithResults

func (request *Request) ExecuteWithResults(input *contextargs.Context, dynamicValues, previous output.InternalEvent, callback protocols.OutputEventCallback) error

ExecuteWithResults executes the final request on a URL

func (*Request) Extract

func (request *Request) Extract(data map[string]interface{}, extractor *extractors.Extractor) map[string]struct{}

Extract performs extracting operation for an extractor on model and returns true or false.

func (*Request) GetCompiledOperators

func (request *Request) GetCompiledOperators() []*operators.Operators

func (*Request) GetID

func (request *Request) GetID() string

GetID returns the unique ID of the request if any.

func (*Request) IsClusterable

func (request *Request) IsClusterable() bool

IsClusterable returns true if the request is eligible to be clustered.

func (Request) JSONSchemaExtend

func (e Request) JSONSchemaExtend(schema *jsonschema.Schema)

func (*Request) MakeResultEvent

func (request *Request) MakeResultEvent(wrapped *output.InternalWrappedEvent) []*output.ResultEvent

MakeResultEvent creates a result event from internal wrapped event

func (*Request) MakeResultEventItem

func (request *Request) MakeResultEventItem(wrapped *output.InternalWrappedEvent) *output.ResultEvent

func (*Request) Match

func (request *Request) Match(data map[string]interface{}, matcher *matchers.Matcher) (bool, []string)

Match matches a generic data response again a given matcher TODO: Try to consolidate this in protocols.MakeDefaultMatchFunc to avoid any inconsistencies

func (*Request) NeedsRequestCondition

func (request *Request) NeedsRequestCondition() bool

NeedsRequestCondition determines if request condition should be enabled

func (*Request) Options

func (r *Request) Options() *protocols.ExecutorOptions

Options returns executer options for http request

func (*Request) Requests

func (request *Request) Requests() int

Requests returns the total number of requests the YAML rule will perform

func (*Request) ShouldFuzzTarget

func (request *Request) ShouldFuzzTarget(input *contextargs.Context) bool

ShouldFuzzTarget checks if given target should be fuzzed or not using `filter` field in template

func (*Request) TmplClusterKey

func (request *Request) TmplClusterKey() uint64

TmplClusterKey generates a unique key for the request to be used in the clustering process.

func (*Request) Type

func (request *Request) Type() templateTypes.ProtocolType

Type returns the type of the protocol request

type SignatureType

type SignatureType int

SignatureType is the type of signature

const (
	AWSSignature SignatureType = iota + 1
)

Supported values for the SignatureType

func GetSupportedSignaturesTypes

func GetSupportedSignaturesTypes() []SignatureType

func (SignatureType) String

func (t SignatureType) String() string

type SignatureTypeHolder

type SignatureTypeHolder struct {
	Value SignatureType
}

SignatureTypeHolder is used to hold internal type of the signature

func (SignatureTypeHolder) JSONSchema

func (holder SignatureTypeHolder) JSONSchema() *jsonschema.Schema

func (SignatureTypeHolder) MarshalJSON

func (holder SignatureTypeHolder) MarshalJSON() ([]byte, error)

func (SignatureTypeHolder) MarshalYAML

func (holder SignatureTypeHolder) MarshalYAML() (interface{}, error)

func (*SignatureTypeHolder) UnmarshalJSON

func (holder *SignatureTypeHolder) UnmarshalJSON(data []byte) error

func (*SignatureTypeHolder) UnmarshalYAML

func (holder *SignatureTypeHolder) UnmarshalYAML(unmarshal func(interface{}) error) error

Directories

Path Synopsis
Package raw provides raw http request parsing abilities for nuclei.
Package raw provides raw http request parsing abilities for nuclei.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL