interactsh icon indicating copy to clipboard operation
interactsh copied to clipboard
verified publisher icon projectdiscovery

Add optional signing, domain verification, and path-scoped dynamic responses

Open realgam3 opened this issue 1 month ago • 4 comments

Please describe your feature request:

Add three optional enhancements to dynamic responses, each independently toggleable: 1. Signed updates (HMAC): server verifies signature using a per-deployment secret/keypair. 2. Domain ownership gating: allow dynamic responses only for domains registered by the interactsh client. 3. Path-scoped updates: API to set/update responses for specific HTTP paths (optionally with wildcards) with TTLs.

These are disabled by default and can be enabled independently via config/flags (e.g., DYNAMIC_SIGNING=on + SIGNING_KEY=..., DOMAIN_VERIFICATION=on, DYNAMIC_PATHS=on).

Describe the use case of this feature:

•	Security: prevent unauthorized edits when -dynamic is enabled; restrict usage to owned domains.
•	DX & automation: set per-path payloads to simplify scripts and concurrent tests.
•	Incremental adoption: fully backward-compatible; deployments can opt into any subset without changing current workflows.

realgam3 avatar Oct 31 '25 20:10 realgam3

I can create the PR myself, just want to make sure you are on board...

realgam3 avatar Oct 31 '25 20:10 realgam3

@realgam3 go for it

ehsandeep avatar Oct 31 '25 20:10 ehsandeep

@realgam3 Thanks for the feature request! Let us know if you need any help while implementing this!

dogancanbakir avatar Nov 10 '25 14:11 dogancanbakir

@realgam3 Thanks for the feature request! Let us know if you need any help while implementing this!

Thank you :) I will start working on it as soon as possible

realgam3 avatar Nov 10 '25 14:11 realgam3