Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for URL Fuzzing in headless protocol #3339

Closed
theamanrawat opened this issue Feb 18, 2023 · 1 comment · Fixed by #3790
Closed

Support for URL Fuzzing in headless protocol #3339

theamanrawat opened this issue Feb 18, 2023 · 1 comment · Fixed by #3790
Assignees
@ShubhamRasal
Labels
headless Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Milestone
nuclei v2.9.7

Comments

@theamanrawat
Copy link

theamanrawat commented Feb 18, 2023
edited by ehsandeep
Loading

Currently, nuclei does not support for headless in fuzzing-templates. It would be great if you can add a support for this.

This feature would be great to create fuzzing templates for vulnerability which needs to be run on headless browser i:e., DOM XSS.

id: headless-query-fuzzing

info:
  name: Example Query Fuzzing
  author: pdteam
  severity: info

headless:
  - steps:
      - action: navigate
        args:
          url: "{{BaseURL}}"
      - action: waitload

    payloads:
      redirect:
        - "evil.com"

    fuzzing:
      - part: query
        mode: single
        fuzz:
          - "https://{{redirect}}"

    matchers:
      - type: regex
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?:\/\/|\/\/|\/\\\\|\/\\)?(?:[a-zA-Z0-9\-_\.@]*)evil\.com\/?(\/|[^.].*)?$' # https://regex101.com/r/ZDYhFh/1

Anything else?

projectdiscovery/nuclei-templates#7240
@theamanrawat theamanrawat added the Type: Enhancement Most issues will probably ask for additions or changes. label Feb 18, 2023
@ehsandeep ehsandeep changed the title Support for headless in fuzzing-templates. Support for URL Fuzzing in headless protocol Feb 20, 2023
@ehsandeep ehsandeep added the Priority: Medium This issue may be useful, and needs some attention. label May 17, 2023
@ehsandeep ehsandeep mentioned this issue May 17, 2023
Closed
@ShubhamRasal ShubhamRasal self-assigned this May 19, 2023
@ShubhamRasal ShubhamRasal linked a pull request May 24, 2023 that will close this issue
[WIP] Add Fuzzing in Headless mode #3733
Closed
7 tasks
@ShubhamRasal ShubhamRasal linked a pull request Jun 7, 2023 that will close this issue
Issue 3339 headless fuzz #3790
Merged
@ehsandeep ehsandeep removed a link to a pull request Jun 7, 2023
[WIP] Add Fuzzing in Headless mode #3733
Closed
7 tasks
@ehsandeep ehsandeep added this to the nuclei v2.9.7 milestone Jun 7, 2023
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. headless labels Jun 9, 2023
@ehsandeep
Copy link
Member

@theamanrawat this is now supported into dev version of the project.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ShubhamRasal ShubhamRasal

Labels
headless Priority: Medium This issue may be useful, and needs some attention. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Enhancement Most issues will probably ask for additions or changes.
Projects
None yet
Milestone
nuclei v2.9.7
Development

Successfully merging a pull request may close this issue.

Issue 3339 headless fuzz projectdiscovery/nuclei
3 participants
@ehsandeep @theamanrawat @ShubhamRasal