Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(http): assign customHeaders to the map directly #5445

Conversation

dwisiswant0
Copy link
Member

Proposed changes

Fix #5288.

[...] also add skip expr if header key is "Host".

Proof

As in the doc, "[...] To use non-canonical keys, assign to the map directly".

Template:

# headers-case-sensitive.yaml

id: test

info:
  name: test
  author: dwisiswant0
  severity: info
  description: test
  tags: test

http:
  - method: GET
    path:
      - "{{BaseURL}}/"
    headers:
      x-request-type: base
  - raw:
      - |
        GET / HTTP/1.1
        Host: {{Hostname}}
        x-request-type: raw

Command

go run cmd/nuclei/main.go -H "foo: bar" -H "lOrem: iPsum" -t headers-case-sensitive.yaml -u https://scanme.sh -debug-req

Output

Before:

[INF] [test] Dumped HTTP request for https://scanme.sh/

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1.2 Mobile/15E148 Safari/604.1
Connection: close
Accept: */*
Accept-Language: en
Foo: bar
Lorem: iPsum
x-request-type: base
Accept-Encoding: gzip

[INF] [test] Dumped HTTP request for https://scanme.sh

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.5 Safari/605.2.19
Connection: close
Foo: bar
Lorem: iPsum
x-request-type: raw
Accept-Encoding: gzip

[INF] No results found. Better luck next time!

After:

[INF] [test] Dumped HTTP request for https://scanme.sh/

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.3.1 Safari/605.1.15
Connection: close
Accept: */*
Accept-Language: en
foo: bar
lOrem: iPsum
x-request-type: base
Accept-Encoding: gzip

[INF] [test] Dumped HTTP request for https://scanme.sh

GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_5_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.1 Safari/605.1.15
Connection: close
foo: bar
lOrem: iPsum
x-request-type: raw
Accept-Encoding: gzip

[INF] No results found. Better luck next time!

Checklist

  • Pull request is created against the dev branch
  • All checks passed (lint, unit/integration/regression tests etc.) with my changes
  • I have added tests that prove my fix is effective or that my feature works
  • I have added necessary documentation (if appropriate)

also add skip expr if header key is "Host"

Signed-off-by: Dwi Siswanto <[email protected]>
@dwisiswant0 dwisiswant0 requested a review from ehsandeep July 25, 2024 10:50
@ehsandeep ehsandeep requested a review from Mzack9999 July 26, 2024 08:14
Copy link
Member

@tarunKoyalwar tarunKoyalwar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm!
@dwisiswant0 any specific reason we would want to convert them to lower case ?

if you meant converting kk during comparison ex:

if strings.ToLower(kk) == "Host" 

we can do that as well as extra validation

@dwisiswant0
Copy link
Member Author

if you meant converting kk during comparison ex:

That's correct.

@dwisiswant0 dwisiswant0 merged commit 6d325a4 into projectdiscovery:dev Jul 26, 2024
12 checks passed
@dwisiswant0 dwisiswant0 deleted the dwisiswant0/feat/case-sensitive-header-key branch July 26, 2024 18:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Nuclei transparently capitalizes and cannonicalizes headers
3 participants