Lack of validation to set to minimum length for custom length option

Open thepoorhacker opened this issue 1 year ago • 3 comments

Interactsh version:

1.2.0

Current Behavior:

It seems that the interactsh-server which I run locally doesn't push DNS queries to the client. I know that because running the client without parameters creates a subdomain of oast.fun and it is pulling the DNS records just fine from your interactsh-server, but it doesn't show the DNS queries that come to my hosted server. I configured my server to be the name server of my own domain and it seems to be working fine; the only problem is that DNS queries are not being pushed to the interactsh-client.

Expected Behavior:

interactsh-client pulls dns queries from the local hosted interactsh-server

Steps To Reproduce:

  1. run the server like this: ./interactsh-server -http-directory /root/interactsh -dsp /root/interactsh-storage -ds -wildcard -d interact.myowndomain.com -http-index /root/interactsh/banner.html -server-header "nginx/1.19.2" -disable-version -cidn 1 -cidl 1
  2. take the client token from above and feed it to this command: ./interactsh-client -server http://interact.rt.dnsabr.com -token your_token_goes_here -v -json -cidn 1 -cidl 1
  3. check if it works: curl https://dededded.interact.myowndomain.com
  4. you will see that it works and the client shows all http interactions but not the dns ones.

I hope this helps. Regards

thepoorhacker, Sep 24 '24 19:09

Yes I get the same issue. curl mydomain.com works but nslookup mydomain.com doesn't work.

DOCTORBALISE, Sep 25 '24 08:09

Hello @DOCTORBALISE, I just found out that setting -cidn and -cidl to small values is somehow the problem (I might be wrong). I removed them altogether and everything works fine; even the http index page that I configured the server to use (and it wasn't using it for some reason) is now being used. I tried to figure out the minimal values for DNS to work and I got this: -cidn 5 -cidl 4

I hope this helps. Regards

thepoorhacker, Sep 28 '24 16:09

@thepoorhacker This is due to -cidn 1, -cidl 1. It cannot be this short. We can add validation to enforce a minimum length for custom lengths.

ehsandeep, Jan 11 '25 11:01
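
A sketch of the start-up validation proposed in the last comment, added here as an example; it is not code from the interactsh project. The type and function names are hypothetical, the floors are the smallest working values reported in this thread (-cidl 4, -cidn 5) rather than project constants, and the requirement that client and server use the same lengths is an assumption taken from the reproduction steps.

```go
package main

import (
	"errors"
	"fmt"
)

// Assumed floors: the smallest values reported to work in this thread.
// They are not constants taken from the interactsh code base.
const (
	minCIDL = 4 // -cidl
	minCIDN = 5 // -cidn
)

// Lengths is a hypothetical holder for the two custom length flags.
type Lengths struct {
	CIDL int // value passed as -cidl
	CIDN int // value passed as -cidn
}

// Validate rejects values below the assumed floors and reports every
// offending flag at once, so the operator sees the full problem at start-up
// instead of silently missing DNS interactions later.
func (l Lengths) Validate() error {
	var errs []error
	if l.CIDL < minCIDL {
		errs = append(errs, fmt.Errorf("-cidl %d is below the minimum of %d", l.CIDL, minCIDL))
	}
	if l.CIDN < minCIDN {
		errs = append(errs, fmt.Errorf("-cidn %d is below the minimum of %d", l.CIDN, minCIDN))
	}
	return errors.Join(errs...) // nil when nothing was appended
}

// CheckPair validates both sides and requires them to agree (assumption:
// the reproduction steps pass identical values to server and client).
func CheckPair(server, client Lengths) error {
	if err := server.Validate(); err != nil {
		return fmt.Errorf("server: %w", err)
	}
	if err := client.Validate(); err != nil {
		return fmt.Errorf("client: %w", err)
	}
	if server != client {
		return fmt.Errorf("client lengths %+v do not match server lengths %+v", client, server)
	}
	return nil
}

func main() {
	fmt.Println(CheckPair(Lengths{CIDL: 1, CIDN: 1}, Lengths{CIDL: 1, CIDN: 1})) // the failing setup from the report
	fmt.Println(CheckPair(Lengths{CIDL: 4, CIDN: 5}, Lengths{CIDL: 4, CIDN: 5})) // the reported working minimum
}
```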