Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(headless): eval DSL exprs in args #6017

Merged
merged 10 commits into from
Feb 10, 2025
Merged

feat(headless): eval DSL exprs in args #6017

Show file tree
Hide file tree
Changes from 9 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
15444d6
refactor(headless): mv `input` -> `ctx` field name
dwisiswant0 Jan 30, 2025
a907ddb
feat(headless): eval DSL exprs in args
dwisiswant0 Jan 30, 2025
bc81fbc
chore(headless): rm duplicate imports
dwisiswant0 Jan 30, 2025
379b1f8
feat(headless): rm duplicate dumped req vars
dwisiswant0 Jan 31, 2025
f9e5c8c
refactor(headless): unify `getTimeParameter` retrieval
dwisiswant0 Jan 31, 2025
2358d68
feat(headless): adjust default timeout value to 5s
dwisiswant0 Jan 31, 2025
e0a1c03
refactor(headless): use `getTimeParameter`
dwisiswant0 Jan 31, 2025
5b8505f
chore(headless): add nolint directive - `replaceWithValues`
dwisiswant0 Jan 31, 2025
06c6a37
feat(headless): revert parameter automerge & adds `inputURL` field
dwisiswant0 Feb 1, 2025
a7fbba2
test(headless): add headless-dsl integration test
dwisiswant0 Feb 2, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 41 additions & 13 deletions pkg/protocols/headless/engine/page.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,14 +11,21 @@ import (

"github.com/go-rod/rod"
"github.com/go-rod/rod/lib/proto"
"github.com/projectdiscovery/gologger"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/contextargs"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/generators"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/common/utils/vardump"
"github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils"
httputil "github.com/projectdiscovery/nuclei/v3/pkg/protocols/utils/http"
"github.com/projectdiscovery/nuclei/v3/pkg/types"
errorutil "github.com/projectdiscovery/utils/errors"
urlutil "github.com/projectdiscovery/utils/url"
)

// Page is a single page in an isolated browser instance
type Page struct {
input *contextargs.Context
ctx *contextargs.Context
inputURL *urlutil.URL
options *Options
page *rod.Page
rules []rule
Expand All @@ -29,6 +36,7 @@ type Page struct {
History []HistoryData
InteractshURLs []string
payloads map[string]interface{}
variables map[string]interface{}
}

// HistoryData contains the page request/response pairs
Expand All @@ -45,7 +53,7 @@ type Options struct {
}

// Run runs a list of actions by creating a new page in the browser.
func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads map[string]interface{}, options *Options) (ActionData, *Page, error) {
func (i *Instance) Run(ctx *contextargs.Context, actions []*Action, payloads map[string]interface{}, options *Options) (ActionData, *Page, error) {
page, err := i.engine.Page(proto.TargetCreateTarget{})
if err != nil {
return nil, nil, err
Expand All @@ -58,13 +66,33 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
}
}

payloads = generators.MergeMaps(payloads,
generators.BuildPayloadFromOptions(i.browser.options),
)

target := ctx.MetaInput.Input
input, err := urlutil.Parse(target)
if err != nil {
return nil, nil, errorutil.NewWithErr(err).Msgf("could not parse URL %s", target)
}

hasTrailingSlash := httputil.HasTrailingSlash(target)
variables := utils.GenerateVariables(input, hasTrailingSlash, contextargs.GenerateVariables(ctx))
variables = generators.MergeMaps(variables, payloads)

if vardump.EnableVarDump {
gologger.Debug().Msgf("Headless Protocol request variables: %s\n", vardump.DumpVariables(variables))
}

createdPage := &Page{
options: options,
page: page,
input: input,
instance: i,
mutex: &sync.RWMutex{},
payloads: payloads,
options: options,
page: page,
ctx: ctx,
instance: i,
mutex: &sync.RWMutex{},
payloads: payloads,
variables: variables,
inputURL: input,
}

httpclient, err := i.browser.getHTTPClient()
Expand Down Expand Up @@ -108,13 +136,13 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
// inject cookies
// each http request is performed via the native go http client
// we first inject the shared cookies
URL, err := url.Parse(input.MetaInput.Input)
URL, err := url.Parse(ctx.MetaInput.Input)
if err != nil {
return nil, nil, err
}

if !options.DisableCookie {
if cookies := input.CookieJar.Cookies(URL); len(cookies) > 0 {
if cookies := ctx.CookieJar.Cookies(URL); len(cookies) > 0 {
var NetworkCookies []*proto.NetworkCookie
for _, cookie := range cookies {
networkCookie := &proto.NetworkCookie{
Expand All @@ -132,7 +160,7 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
}
params := proto.CookiesToParams(NetworkCookies)
for _, param := range params {
param.URL = input.MetaInput.Input
param.URL = ctx.MetaInput.Input
}
err := page.SetCookies(params)
if err != nil {
Expand All @@ -141,7 +169,7 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
}
}

data, err := createdPage.ExecuteActions(input, actions, payloads)
data, err := createdPage.ExecuteActions(ctx, actions)
if err != nil {
return nil, nil, err
}
Expand All @@ -161,7 +189,7 @@ func (i *Instance) Run(input *contextargs.Context, actions []*Action, payloads m
}
httpCookies = append(httpCookies, httpCookie)
}
input.CookieJar.SetCookies(URL, httpCookies)
ctx.CookieJar.SetCookies(URL, httpCookies)
}
}

Expand Down
Loading
Loading