Authenticated scan via secret file not working

[Lebotek]

Nuclei version:

v3.2.8

I am trying to do authenticated scanning against the DVWA of OWASP for educational purposes. But i am always getting the following error:
[FTL] Could not fetch dynamic secret: [urlutil:RUNTIME] failed to parse url got empty input

Steps To Reproduce:

1. Add dvwa-secrets.yaml and dvwa-login.yaml
2. Run DVWA in a docker container
3. Execute nuclei -u http://localhost:4280 -secret-file ./dvwa-secrets.yaml

The dvwa-secrets.yaml looks like this:

dynamic:
  - template: /path/to/dvwa-login.yaml
    variables:
      - name: username
        value: admin
      - name: password
        value: password
    type: cookie
    domains:
      - localhost:4280
    cookies:
      - raw: "{{session-cookie}}"

And the dvwa-login.yaml like this:

id: dvwa-login

info:
  name: DVWA Login
  author: lebotek
  severity: info
  description: |
    DVWA Login template for testing.
  tags: dvwa,login

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
    extractors:
      - type: regex
        name: token
        part: body
        internal: true
        group: 1
        regex:
          - '<input\stype=.hidden.\sname=.user_token.\svalue=.([[:alnum:]]{32}).\s\/>'
  - raw:
      - |
        POST /login.php HTTP/1.1
        Host: {{Hostname}}


        username={{username}}&password={{password}}&Login=Login&user_token={{token}}
    matchers-condition: and
    matchers:
      - type: status
        status:
          - 302
      - type: word
        part: header
        words:
          - 'index.php'
        condition: and

    extractors:
      - type: regex
        name: session-cookie
        part: header
        internal: true
        regex:
          - 'Set-Cookie.+?\sPHPSESSID=.+?SameSite=Strict'

I am probably just doing something wrong but even if i reduce both .yaml files to a minimum i always get this message either as a error or as a warning with a different followup error message like this:
[WRN] [dvwa-login] Could not execute request for : [urlutil:RUNTIME] failed to parse url got empty input
[FTL] Could not fetch dynamic secret: no extracted values found for dynamic secret

[Lebotek]

Here is a reduced example where i just added a plain get request and a extractor for the cookie

dynamic:
  - template: /path/to/test-login.yaml
    variables:
      - name: username
        value: admin
      - name: password
        value: password
    type: cookie
    domains:
      - localhost:4280
    cookies:
      - raw: "{{cookie}}"

id: test-login

info:
  name: DVWA Login
  author: lebotek
  severity: info
  description: |
    Login template for testing.
  tags: test,login

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
    extractors:
      - type: regex
        name: cookie
        part: header
        internal: true
        regex:
          - 'Set-Cookie.+?\sPHPSESSID=.+?;'

I get the following error:
[WRN] [test-login] Could not execute request for : [urlutil:RUNTIME] failed to parse url got empty input
[FTL] Could not fetch dynamic secret: no extracted values found for dynamic secret

[tarunKoyalwar]

@Lebotek , you were almost correct but here are some things you missed in template

dynamic:
  - template: login.yaml
    variables:
      - key: username  # <- its `key` and not `name`
        value: admin
      - key: password  # <- its `key` and not `name`
        value: password
    type: cookie
    domains:
      - localhost:4280
    input: http://localhost:80 # <- specify input where auth templates should be run ( specify here or make template a self-contained one)
    cookies:
      - raw: "{{session-cookie}}"

id: test-login

info:
  name: DVWA Login
  author: lebotek
  severity: info
  description: |
    Login template for testing.
  tags: test,login

requests:
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
    extractors:
      - type: regex
        name: session-cookie # <- this name should match variable name in secret file (earlier it was cookie and not session-cookie)
        part: header
        internal: true # <- this is optional and not a requirement 
        regex:
          - 'Set-Cookie.+?\sPHPSESSID=.+?;'

nuclei -id tech-detect -sf secrets.yaml -v -ps -u http://localhost:80                                       

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.8

		projectdiscovery.io

[VER] Started metrics server at localhost:9092
[WRN] Excluded 115 template[s] with known weak matchers / tags excluded from default run using .nuclei-ignore
[INF] Current nuclei version: v3.2.8 (latest)
[INF] Current nuclei-templates version: v9.8.7 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 62
[INF] Templates loaded for current scan: 1
[INF] Executing 1 signed templates from projectdiscovery/nuclei-templates
[INF] Targets loaded for current scan: 1
[INF] Pre-fetching secrets from authprovider[s]
[VER] [test-login] Sent HTTP request to http://localhost:80
[VER] [tech-detect] Sent HTTP request to http://localhost:80
[tech-detect:php] [http] [info] http://localhost:80

setup

docker run --rm -it -p 80:80 vulnerables/web-dvwa

looks like we need to improve docs or new blog post with example about ^ (auth)
cc: @GeorginaReeder

[Lebotek]

I got it working now. Thank you very much! :)