Add ability to specify root-path favicon file via commandline parameter in interactsh-server #797

Open
mikedesu opened this issue Feb 14, 2024 · 4 comments
Labels
Type: Enhancement Most issues will probably ask for additions or changes. Type: Question A query or seeking clarification on parts of the spec. Probably doesn't need the attention of all.

Comments

@mikedesu

Please describe your feature request:

My idea is straightforward:

I want to pass a cmdline flag like -favicon to interactsh-server in order to specify a local file to serve at the root path for any interactsh-client instances I spin up.

Describe the use case of this feature:

I think it would be interesting to serve a giant local file (1 GB+) to a target that makes HTTP requests.

interactsh-server -domain mydomain.site -favicon giantfile

So when I run a local client, asfahfefkhqfreq.mydomain.site/favicon.ico would return the giantfile.

This kind of attack could render some headless browsers vulnerable to DDOS or resource exhaustion.

@mikedesu mikedesu added the Type: Enhancement Most issues will probably ask for additions or changes. label Feb 14, 2024
@ehsandeep
Member

@mikedesu
Author

mikedesu commented Apr 6, 2024

Serving from /s/ isn't good enough. I want to serve and track the favicon that sites load from the root path.

@Mzack9999
Member

@mikedesu the file can already be served in the /s/ subpath or via dynamic response. Unfortunately, without a strong use case, we prefer to keep / serving the courtesy page.
Apart from DDOS detection, could you provide more context on the kind of use cases you have in mind?

@Mzack9999 Mzack9999 added the Type: Question A query or seeking clarification on parts of the spec. Probably doesn't need the attention of all. label Aug 29, 2024
@mikedesu
Author

When I said "serve at the root path", I meant /favicon.ico.

During hunting, I see requests for /favicon.ico to my instance, but because of the lack of this feature, I cannot serve anything back for that path.

Or am I missing something?

3 participants