fix unresolved interactsh-url variable with fuzzing (projectdiscove…

…ry#5289) * fix unresolved interactsh variable with fuzzing * fix variables override with fuzzing
alban-stourbe-wmx · Jul 25, 2024 · 33dbb51 · 33dbb51
1 parent f930e9a
commit 33dbb51
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 5 deletions.
diff --git a/pkg/fuzz/execute.go b/pkg/fuzz/execute.go
@@ -167,9 +167,12 @@ func (rule *Rule) evaluateVarsWithInteractsh(data map[string]interface{}, intera
 	if rule.options.Interactsh != nil {
 		// Iterate through the data to replace and evaluate variables with Interactsh URLs
 		for k, v := range data {
+			value := fmt.Sprint(v)
 			// Replace variables with Interactsh URLs and collect new URLs
-			got, oastUrls := rule.options.Interactsh.Replace(fmt.Sprint(v), interactshUrls)
-
+			got, oastUrls := rule.options.Interactsh.Replace(value, interactshUrls)
+			if got != value {
+				data[k] = got
+			}
 			// Append new OAST URLs if any
 			if len(oastUrls) > 0 {
 				interactshUrls = append(interactshUrls, oastUrls...)

diff --git a/pkg/fuzz/parts.go b/pkg/fuzz/parts.go
@@ -181,9 +181,9 @@ func (rule *Rule) execWithInput(input *ExecuteRuleInput, httpReq *retryablehttp.
 // for fuzzing.
 func (rule *Rule) executeEvaluate(input *ExecuteRuleInput, _, value, payload string, interactshURLs []string) (string, []string) {
 	// TODO: Handle errors
-	values := generators.MergeMaps(input.Values, map[string]interface{}{
+	values := generators.MergeMaps(rule.options.Variables.GetAll(), map[string]interface{}{
 		"value": value,
-	}, rule.options.Options.Vars.AsMap(), rule.options.Variables.GetAll())
+	}, rule.options.Options.Vars.AsMap(), input.Values)
 	firstpass, _ := expressions.Evaluate(payload, values)
 	interactData, interactshURLs := rule.options.Interactsh.Replace(firstpass, interactshURLs)
 	evaluated, _ := expressions.Evaluate(interactData, values)

diff --git a/pkg/protocols/common/interactsh/const.go b/pkg/protocols/common/interactsh/const.go
@@ -8,7 +8,7 @@ import (
 
 var (
 	defaultInteractionDuration = 60 * time.Second
-	interactshURLMarkerRegex   = regexp.MustCompile(`{{interactsh-url(?:_[0-9]+){0,3}}}`)
+	interactshURLMarkerRegex = regexp.MustCompile(`(%7[B|b]|\{){2}(interactsh-url(?:_[0-9]+){0,3})(%7[D|d]|\}){2}`)
 
 	ErrInteractshClientNotInitialized = errors.New("interactsh client not initialized")
 )