
Support for timeout matcher (dsl)

Open princechaddha opened this issue 3 years ago • 3 comments

Please describe your feature request:

Add support for a matcher that detects whether the host results in a timeout or not.

Describe the use case of this feature:

This can be useful for detecting DoS templates since we can verify that the host cannot be reached after the request with the payload has been sent.

Another use case would be adding an additional matcher to OAST templates where the server times out while sending arbitrary requests; for these hosts, we have to rely only on the callbacks. This will prevent false positives on the honeypots that simply send requests to any URL they receive.

id: basic-example

info:
  name: Test HTTP Template
  author: pdteam
  severity: info

requests:
  - method: GET
    path:
      - "{{BaseURL}}"

    matchers:
      - type: dsl
        dsl:
          - "timeout == false"

princechaddha, Jul 26 '22 11:07

Potential follow up ticket:

  • General matcher on errors (timeout, connection error, etc)

Mzack9999, Sep 08 '22 13:09

The feature request is problematic as the timeout is one important error that it's necessary to track to drop unresponsive hosts. Instead, we need to ignore the error cache and perform the template flow. The implementation should:

  • Work cross protocol (network => I/O timeout, HTTP => timeout | status code timeout, SSL => I/O timeout, headless => page timeout)
  • We should introduce a new matcher type specific for errors
  • If the template has any error matcher (either custom type or within DSL), then the output event should be triggered anyway, populating the metadata properly with error info

Mzack9999, Dec 07 '22 23:12
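
A sketch of the behaviour described in the last comment, added here as an example and not nuclei's own code: protocol-level errors are normalized to one label, and a request that fails still produces an output event with error metadata when the template carries an error matcher, while it falls through to the host error cache otherwise. The names `ErrorKind`, `Classify`, `Event` and `Evaluate` are hypothetical, and the sample error in `main` is constructed.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"net"
	"os"
)

// ErrorKind is a hypothetical normalized label that an error matcher compares against.
type ErrorKind string

const (
	KindNone    ErrorKind = ""
	KindTimeout ErrorKind = "timeout"
	KindConn    ErrorKind = "connection"
	KindOther   ErrorKind = "other"
)

// Event is a hypothetical output event carrying the error metadata.
type Event struct {
	Matched   bool
	ErrorKind ErrorKind
	ErrorMsg  string
}

// Classify maps network/SSL I/O timeouts and HTTP client deadlines to one label.
func Classify(err error) ErrorKind {
	var ne net.Error
	var oe *net.OpError
	switch {
	case err == nil:
		return KindNone
	case errors.Is(err, context.DeadlineExceeded), errors.Is(err, os.ErrDeadlineExceeded):
		return KindTimeout
	case errors.As(err, &ne) && ne.Timeout():
		return KindTimeout
	case errors.As(err, &oe): // dial/read/write failure that is not a timeout
		return KindConn
	}
	return KindOther
}

// Evaluate returns nil when the error belongs in the host error cache
// (request failed and the template has no error matcher), else an event.
func Evaluate(err error, hasErrorMatcher bool, want ErrorKind) *Event {
	kind := Classify(err)
	if kind != KindNone && !hasErrorMatcher {
		return nil
	}
	ev := &Event{Matched: kind == want, ErrorKind: kind}
	if err != nil {
		ev.ErrorMsg = err.Error()
	}
	return ev
}

func main() {
	ioTimeout := &net.OpError{Op: "read", Net: "tcp", Err: os.ErrDeadlineExceeded} // constructed sample
	fmt.Printf("%+v\n", *Evaluate(ioTimeout, true, KindTimeout))
}
```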