Raw Request Bug #1940

vysecurity · 2022-05-05T10:11:25Z

vysecurity
May 5, 2022

Nuclei version:

[INF] Current Version: 2.6.9

Current Behavior:

When sending a raw request, a '/' is added.

Expected Behavior:

Raw request to be sent as described in the yaml.

Steps To Reproduce:

Run 'nuclei' with the template through Burp.

requests:
- raw:
  - |+
    GET 13333 HTTP/1.1
    Host: {{Hostname}}

  matchers:

        # Status Code
      - type: status
        status:
          - 404

Notice that instead of a GET 13333 is sent, actually GET /13333 is sent.

Answered by ehsandeep

May 5, 2022

@vysecurity that's standard behavior as per RFC, but nuclei do support optional rawhttp library to make non rfc compliant requests, to use rawhttp library in your template you just need to add unsafe: true and it will work as you expected.

requests:
  - raw:
      - |+
        GET 13333 HTTP/1.1
        Host: {{Hostname}}

    unsafe: true

View full answer

ehsandeep · 2022-05-05T10:34:41Z

ehsandeep
May 5, 2022
Maintainer

@vysecurity that's standard behavior as per RFC, but nuclei do support optional rawhttp library to make non rfc compliant requests, to use rawhttp library in your template you just need to add unsafe: true and it will work as you expected.

requests:
  - raw:
      - |+
        GET 13333 HTTP/1.1
        Host: {{Hostname}}

    unsafe: true

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ProjectDiscovery

Raw Request Bug #1940

{{title}}

{{editor}}'s edit

{{editor}}'s edit

Replies: 1 comment

{{title}}

Select a reply

ProjectDiscovery

Raw Request Bug #1940

vysecurity May 5, 2022

Nuclei version:

Current Behavior:

Expected Behavior:

Steps To Reproduce:

Replies: 1 comment

ehsandeep May 5, 2022 Maintainer

vysecurity
May 5, 2022

ehsandeep
May 5, 2022
Maintainer