katana
Headless issue with root user
Context: #131.
⚠️⚠️I know the tests I have just added are failing; I would like to know if accepting custom headers with an empty key or an empty value is an intended implementation.⚠️⚠️
sudo /home/edoardottt/go/bin/katana -hl -u http://edoardottt.com
[sudo] password for edoardottt:
__ __
/ /_____ _/ /____ ____ ___ _
/ '_/ _ / __/ _ / _ \/ _ /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[FTL] could not create runner: could not create standard crawler: [launcher] Failed to get the debug url: [1107/180405.382126:ERROR:zygote_host_impl_linux.cc(90)] Running as root without --no-sandbox is not supported. See https://crbug.com/638180.
This PR adds two flags as suggested:
-hoa, -headless-optional-arguments string[] pass optional arguments to chrome
-hns, -headless-no-sandbox start chrome in --no-sandbox mode
I don't actually know if this is the best possible solution; -hns seems redundant when -hoa is present. Another solution could be to try to detect whether the user has sudo privileges (only on Linux?).
However, it now seems to work well with both new flags:
Using -hoa
sudo ./cmd/katana/katana -hl -hoa no-sandbox=true -u http://edoardottt.com
__ __
/ /_____ _/ /____ ____ ___ _
/ '_/ _ / __/ _ / _ \/ _ /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
http://edoardottt.com/blog.html
http://edoardottt.com/cve.html
http://edoardottt.com/aboutme.html
http://edoardottt.com/cv.html
Using -hns
sudo ./cmd/katana/katana -hl -hns -u http://edoardottt.com
__ __
/ /_____ _/ /____ ____ ___ _
/ '_/ _ / __/ _ / _ \/ _ /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/ v0.0.1
projectdiscovery.io
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
http://edoardottt.com/blog.html
http://edoardottt.com/cve.html
http://edoardottt.com/aboutme.html
http://edoardottt.com/cv.html
Moreover, I have added some tests to check errors in the new function ParseHeadlessOptionalArguments() and in the function ParseCustomHeaders().
This PR closes #131.
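
The root detection floated above as an alternative, combined with strict `key=value` parsing of `-hoa` values, as an added Go example that is not part of this PR or of katana's code. `parseChromeArgs`, `sandboxDecision` and `errRootNoSandbox` are hypothetical names, and rejecting empty keys or empty values is an assumption of the example, not the project's stated behaviour.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

var errRootNoSandbox = errors.New("running as root: Chrome will not start unless no-sandbox=true is passed explicitly")

// parseChromeArgs (hypothetical) parses "key=value" items such as
// "no-sandbox=true". Assumption: empty keys and empty values are rejected.
func parseChromeArgs(items []string) (map[string]string, error) {
	out := make(map[string]string, len(items))
	for _, item := range items {
		key, value, found := strings.Cut(item, "=")
		key = strings.TrimLeft(strings.TrimSpace(key), "-") // accept "--no-sandbox" too
		value = strings.TrimSpace(value)
		if !found || key == "" || value == "" {
			return nil, fmt.Errorf("invalid chrome argument %q: want key=value", item)
		}
		out[key] = value
	}
	return out, nil
}

// sandboxDecision (hypothetical) fails early when the effective UID is 0 and the
// sandbox was not explicitly disabled. It never disables the sandbox on its own.
func sandboxDecision(euid int, args map[string]string) (bool, error) {
	requested := args["no-sandbox"] == "true"
	if euid == 0 && !requested {
		return false, errRootNoSandbox
	}
	return requested, nil
}

func main() {
	// Constructed input, mirroring the -hoa value used in the description.
	args, err := parseChromeArgs([]string{"no-sandbox=true"})
	if err != nil {
		fmt.Fprintln(os.Stderr, err)
		os.Exit(2)
	}
	noSandbox, err := sandboxDecision(os.Geteuid(), args)
	fmt.Println("start chrome without sandbox:", noSandbox, "error:", err)
}
```

Keeping the sandbox on by default and requiring an explicit opt-out matters here because a headless crawler renders untrusted pages, and as root there is no lower privilege boundary behind the browser.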