
Headless templates don't work with recent nuclei version

Open zerodivisi0n opened this issue 2 years ago • 2 comments

Nuclei version:

2.7.2

Current Behavior:

Headless template runs fail with the following error:

Could not execute request for https://example.com: could get html element: error occurred executing action: eval js error: TypeError: Cannot read properties of undefined (reading 'apply')
    at <anonymous>:27:7 <nil>

Expected Behavior:

Headless template runs execute successfully.

Steps To Reproduce:

I had this error initially on a local Linux workstation. To confirm the error, I reproduced it on a clean installation of nuclei inside Docker:

$ docker run -it --rm golang:1.18-alpine sh
$ apk add chromium # install go-rod dependency
$ go install -v github.com/projectdiscovery/nuclei/v2/cmd/nuclei@latest
$ nuclei # sync templates
$ echo https://example.com | nuclei -v -headless -t /root/nuclei-templates/headless/postmessage-tracker.yaml
[WRN] Use with caution. You are responsible for your actions.
[WRN] Developers assume no liability and are not responsible for any misuse or damage.
[WRN] The current platform and privileged user will run the browser without sandbox
[INF] Using Nuclei Engine 2.7.2 (latest)
[INF] Using Nuclei Templates 9.0.6 (latest)
[INF] Templates added in last update: 0
[INF] Templates loaded for scan: 1
[WRN] [postmessage-tracker] Could not execute request for https://example.com: could get html element: error occurred executing action: eval js error: TypeError: Cannot read properties of undefined (reading 'apply')
    at <anonymous>:27:7 <nil>
[INF] No results found. Better luck next time!

Anything else:

It seems to me that this is some kind of problem with the version of the go-rod runtime. Firstly, the documentation says that the closure inside a script block should not be called. So it should be:

- action: script
  args:
    code: function() { ... }
    hook: true

instead of:

- action: script
  args:
    code: (function() { ... })()
    hook: true

This fixed the error above, but did not solve the problem entirely. It looks like the navigate action clears the JavaScript context. For example:

- action: script
  args:
    code: function() { window.a='test'; }
    hook: true
- action: navigate
  args: 
    url: "{{BaseURL}}"
- action: script
  args:
    code: function() { window.a } # window.a is undefined here
  name: script-name

zerodivisi0n avatar Jun 13 '22 16:06 zerodivisi0n
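To see where the `reading 'apply'` error in the report above comes from, here is an added JavaScript model (not nuclei's or go-rod's own code) of a runtime that wraps the `code` string of a script action and applies it; the wrapping shape `(expr).apply(this, arguments)` is an assumption chosen to match the error message, and `wrapScript`/`runScriptAction` are hypothetical names.

```javascript
// Added example: a minimal model of how a headless "script" action's code
// string might be wrapped before evaluation. Assumption: the runtime wraps
// the supplied expression as `(expr).apply(this, arguments)`; this is not
// nuclei's or go-rod's real implementation.
function wrapScript(code) {
  return `(function () { return (${code}).apply(this, arguments); })`;
}

// Evaluate a script action the way the modelled wrapper would, returning
// either the value or the thrown error so a caller can inspect both paths.
function runScriptAction(code, ...args) {
  const fn = (0, eval)(wrapScript(code)); // indirect eval: global scope
  try {
    return { ok: true, value: fn.apply({}, args) };
  } catch (err) {
    return { ok: false, error: `${err.name}: ${err.message}` };
  }
}

// The documented form: a function value the wrapper can apply.
const goodCode = "function (x) { return x * 2; }";

// The form from the original template: an IIFE that runs immediately and
// returns undefined, so the wrapper ends up calling undefined.apply(...).
const badCode = "(function () { globalThis.a = 'test'; })()";

const good = runScriptAction(goodCode, 21); // { ok: true, value: 42 }
const bad = runScriptAction(badCode);       // { ok: false, error: "TypeError: ... (reading 'apply')" }
```

The failing case reproduces the exact TypeError from the report: the IIFE's side effect runs, but its return value (undefined) is what the wrapper tries to apply.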

A PR with the relevant changes for the public templates has been created, but they have not been validated yet:

https://github.com/projectdiscovery/nuclei-templates/pull/4484

This does not handle the scope reduction though.

forgedhallpass avatar Jun 14 '22 16:06 forgedhallpass

It seems like the persistence of user-defined values of the window object is behaving as expected, since such behavior is mentioned only for the particular window.name property (ref. https://developer.mozilla.org/en-US/docs/Web/API/Window/name). Upon page reload, navigation to different pages in the same tab, and so on, Chrome resets the window object. localStorage/sessionStorage should be the preferred way to share values for the same domain.

Mzack9999 avatar Jul 10 '22 15:07 Mzack9999

Closing as this seems to be expected behavior; the issue will be reopened if further investigations/explanations are needed.

Mzack9999 avatar Nov 23 '22 15:11 Mzack9999