From f1a6a8d39f02641cea4ed5a7a1d61b51c5d3b960 Mon Sep 17 00:00:00 2001 From: xixixiba <1343995156@qq.com> Date: Mon, 29 Jan 2024 10:42:57 +0800 Subject: [PATCH 1/5] fix: duration is undefined/req_condition default value cannot be changed --- .../yaml/nuclei/protocols/http/__init__.py | 29 ++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py index 5e476106..99e7704f 100644 --- a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py +++ b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py @@ -1,5 +1,6 @@ from collections import OrderedDict from dataclasses import dataclass, field +import time from typing import Union, List, Optional from requests_toolbelt.utils import dump @@ -254,6 +255,10 @@ def extract_dict(text, line_sep='\n', kv_sep='='): def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict): request_count = len(request.path + request.raw) + # Determine the number of requests and modify the req_condition attribute of the HttpRequest object + if request_count > 1: + request.req_condition = True + for payload_instance in payload_generator(request.payloads, request.attack): current_index = 0 dynamic_values.update(payload_instance) @@ -272,9 +277,14 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict): else: raw = path.strip() raws = list(map(lambda x: x.strip(), raw.splitlines())) - method, path, _ = raws[0].split(' ') - url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}' - + # Extract timeout value + if raws[0].startswith('@timeout'): + timeout = Marker.extract_timeout_value(raws[0]) + del raws[0] + method, path, _ = raws[0].split(' ') + kwargs.setdefault('timeout', timeout) + else: + method, path, _ = raws[0].split(' ') if method == "POST": index = 0 for i in raws: 
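Review bot: The added `if request_count > 1: request.req_condition = True` in `http_request_generator` writes to the caller's `HttpRequest` as a side effect and silently overrides a template that set the flag to false on purpose. If this function is a generator (no `yield` is visible in the hunk), the assignment runs only on first iteration, so code that reads `request.req_condition` before consuming it would still see the old value. I would derive the flag where the request object is built, or at least replace the comment with one that gives the reason, for example `# multi-request templates: force req_condition so matchers can reference earlier responses (confirm intent)`. The function body continues outside the hunk.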
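Review bot: In the `@timeout` branch of `http_request_generator`, `kwargs.setdefault('timeout', timeout)` also runs when `Marker.extract_timeout_value()` returns `None` (annotation present but not matched); requests treats `timeout=None` as wait indefinitely, so one malformed annotation can hang a scan against an unresponsive target. Because `setdefault` has then created the key, any later default for `timeout` (not visible here) would no longer apply. Guard it with `if timeout is not None: kwargs.setdefault('timeout', timeout)`, and consider clamping the template-supplied value to an upper bound. The duplicated `method, path, _ = raws[0].split(' ')` can move below the `if`, which removes the `else`; a raw block holding only the annotation line would also make `raws[0]` raise `IndexError` after `del raws[0]`. The function continues outside the hunk.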
@@ -290,6 +300,8 @@ def http_request_generator(request: HttpRequest, dynamic_values: OrderedDict): else: headers = extract_dict('\n'.join(raws[1:]), '\n', ": ") + url = f'{Marker.ParenthesisOpen}BaseURL{Marker.ParenthesisClose}{path}' + kwargs.setdefault('allow_redirects', request.redirects) kwargs.setdefault('data', data) kwargs.setdefault('headers', headers) @@ -324,7 +336,13 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un session.max_redirects = request.max_redirects else: session.max_redirects = 10 + + # Calculate response time + start_time = time.time() response = session.request(method=method, url=url, **kwargs) + end_time = time.time() + resp_time = end_time - start_time + # for debug purpose try: logger.debug(dump.dump_all(response).decode('utf-8')) @@ -335,8 +353,11 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un import traceback traceback.print_exc() response = None - + resp_data = http_response_to_dsl_map(response) + if response is not None: + resp_data['duration'] = resp_time + if response: response.close() From da787ec9da7530c0bc9bae1f5a8f24f2a75d3b2b Mon Sep 17 00:00:00 2001 From: xixixiba <1343995156@qq.com> Date: Mon, 29 Jan 2024 10:44:40 +0800 Subject: [PATCH 2/5] fix: @timeout cannot be parsed --- .../yaml/nuclei/protocols/common/expressions/__init__.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py index c9afd97f..4f87aeac 100644 --- a/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py +++ b/pocsuite3/lib/yaml/nuclei/protocols/common/expressions/__init__.py 
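Review bot: `start_time = time.time()` and `end_time = time.time()` around `session.request(...)` in `execute_http_request` measure with the wall clock, which can jump under NTP or manual adjustment and so distort `duration` for delay-based matchers. Use a monotonic source instead: `start_time = time.monotonic()` and `resp_time = time.monotonic() - start_time`. As written, the interval also covers redirect hops and, unless streaming is enabled elsewhere, the body download. That is worth a comment, since `response.elapsed` would give a different figure. The function starts and ends outside the hunk.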
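Review bot: `resp_data['duration']` is set only when `response is not None`, so when `session.request` raises (a timeout included) the failure path leaves `duration` absent and a DSL expression that references it is still unresolved, which is the case a delay-based check is most likely to hit. Recording the start time before the request and setting the elapsed value on both paths would cover it; `resp_time` is also unbound after an exception, which only the `is not None` guard currently hides. Separately, the neighbouring `if response:` relies on `Response.__bool__`, which is false for 4xx/5xx statuses, so those responses are never closed; `if response is not None:` would match the new check. The function starts and ends outside the hunk.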
@@ -31,6 +31,12 @@ class Marker: # ParenthesisClose marker - end of a placeholder ParenthesisClose = "}}" + def extract_timeout_value(raw_timeout: str) -> int: + match = re.search(r'@timeout:?(\d+)s', raw_timeout, re.IGNORECASE) + if match: + return int(match.group(1)) + return None + def auto_convert_types(func): @wraps(func) From a5c7a1e696f7f67753f6ad6f09ffbb2b97303189 Mon Sep 17 00:00:00 2001 From: wh0am1i <49847986+wh0am1i@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:30:51 +0800 Subject: [PATCH 3/5] Update __init__.py --- pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py | 1 - 1 file changed, 1 deletion(-) diff --git a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py index 99e7704f..76b2adbd 100644 --- a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py +++ b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py @@ -357,7 +357,6 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un resp_data = http_response_to_dsl_map(response) if response is not None: resp_data['duration'] = resp_time - if response: response.close() From f1b1fd22e7abcb817623a78f932f3584429396a6 Mon Sep 17 00:00:00 2001 From: wh0am1i <49847986+wh0am1i@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:33:49 +0800 Subject: [PATCH 4/5] Update __init__.py From df8474202beaea63793a521378ecaf4e8ead98e5 Mon Sep 17 00:00:00 2001 From: wh0am1i <49847986+wh0am1i@users.noreply.github.com> Date: Tue, 6 Feb 2024 12:39:36 +0800 Subject: [PATCH 5/5] Update __init__.py --- pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py index 76b2adbd..b49ea632 100644 --- a/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py +++ b/pocsuite3/lib/yaml/nuclei/protocols/http/__init__.py 
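Review bot: `extract_timeout_value` is added inside `class Marker` without `self` and without `@staticmethod`; it works when called as `Marker.extract_timeout_value(...)` but breaks on an instance, so add `@staticmethod` above it. The pattern `r'@timeout:?(\d+)s'` allows no whitespace after the colon, so the `@timeout: 10s` spelling used in nuclei templates returns `None`; `r'@timeout:?\s*(\d+)s'` accepts both forms. The `-> int` annotation is wrong on the no-match path, which returns `None` (use `Optional[int]` if `Optional` is in scope), and a one-line docstring should say that `None` means no usable timeout was found so callers do not pass it on to requests. Whether `re` is already imported in this module is not visible in the hunk.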
@@ -353,13 +353,14 @@ def execute_http_request(request: HttpRequest, dynamic_values, interactsh) -> Un import traceback traceback.print_exc() response = None - + resp_data = http_response_to_dsl_map(response) if response is not None: resp_data['duration'] = resp_time + if response: response.close() - + extractor_res = http_extract(request, resp_data) for k, v in extractor_res['internal'].items(): if v == UNRESOLVED_VARIABLE and k in dynamic_values: