All 'method: POST' templates using 'Transfer-Encoding: chunked' header

[AaronChen0]

Nuclei version:

v2.9.10

Current Behavior:

All templates with 'method: POST' are using 'Transfer-Encoding: chunked' header instead of the usual 'Content-length' header.

Expected Behavior:

All templates with 'method: POST' use the usual 'Content-length' header unless specified in raw requests.

Steps To Reproduce:

1. Search "method: POST" in the github repo, find the templates using "method: POST", for example: CVE-2022-35405
2. Run nuclei command:

nuclei -u http://example.com -id CVE-2022-35405 -debug

output:

POST /xmlrpc HTTP/1.1
Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.2117.157 Safari/537.36
Connection: close
Transfer-Encoding: chunked
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Language: en
Accept-Encoding: gzip

99
<?xml version="1.0"?><methodCall><methodName>2TeDvIjQ4pQDDRLEMQ4i6szicGd</methodName><params><param><value>big0us</value></param></params></methodCall>

0

[DBG] [CVE-2022-35405] Dumped HTTP response http://example.com/xmlrpc

HTTP/1.1 404 Not Found
Connection: close
Content-Length: 433
Cache-Control: max-age=604800
Content-Type: text/html; charset=UTF-8
Date: Mon, 07 Aug 2023 07:54:42 GMT
Expires: Mon, 14 Aug 2023 07:54:42 GMT
Server: EOS (vny/044F)

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
         "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
	<head>
		<title>404 - Not Found</title>
	</head>
	<body>
		<h1>404 - Not Found</h1>
		<script type="text/javascript" src="//obj.ac.bcon.ecdns.net/ec_tpm_bcon.js"></script>
	</body>
</html>
[INF] No results found. Better luck next time!

[ehsandeep]

@AaronChen0 thanks for flagging, this is already fixed in dev with #3947

[CHYbeta]

@ehsandeep Hello，bro。

It seems the bug still exists

nuclei -duc -t http/cves/2020/CVE-2020-16846.yaml -u http://x.x.x.x:8080

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.12

                projectdiscovery.io

[INF] Current nuclei version: v2.9.12 (outdated)
[INF] Current nuclei-templates version: v9.6.1 (outdated)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1

[cn-kali-team]

@ehsandeep Hello，bro。

It seems the bug still exists

nuclei -duc -t http/cves/2020/CVE-2020-16846.yaml -u http://x.x.x.x:8080

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v2.9.12

                projectdiscovery.io

[INF] Current nuclei version: v2.9.12 (outdated)
[INF] Current nuclei-templates version: v9.6.1 (outdated)
[INF] New templates added in latest release: 198
[INF] Templates loaded for current scan: 1
[INF] Targets loaded for current scan: 1

尴尬

[peterzyk]

bug依旧存在。并且在最新版本2.9.15中，debug不会显示chunked，但是实际的流量包依旧会添加chunked。
有一点比较独特的是：使用-p参数 ex: -p http://127.0.0.1:8080 ,所有流量走一次代理，就不会出现这样的问题

[ehsandeep]

@AaronChen0 @CHYbeta @cn-kali-team @peterzyk This is now fixed in the latest release.