Fuzzing loses context of request condition

Open Mzack9999 opened this issue 1 year ago • 3 comments

Nuclei version:

main|dev

Current Behavior:

Fuzzing uses a flat request iteration logic that loses the context of ordering while fuzzing a particular element; namely, the request count is always zero at https://github.com/projectdiscovery/nuclei/blob/df67578d98df605d8a97d52b007d445dcc9c293e/pkg/protocols/http/request_fuzz.go#L195

Expected Behavior:

Either error out if matchers/dsl contain request condition logic, or introduce the concept of a fuzzing context: while fuzzing a particular item (for example, a query parameter), initialize a counter until the attack type has finished for that particular element:

matchers:
      - type: dsl
        dsl:
          - 'duration_1>18'
          - 'duration_2<7'

Mzack9999 avatar Mar 15 '24 08:03 Mzack9999
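
A small model of the two behaviours described in the issue above, added here as an example and not taken from the nuclei code base: flat iteration that never numbers its requests, next to a per-element fuzzing context with its own counter. `Response`, `flatEvents`, `contextEvents` and `matches` are hypothetical names, the timings are constructed, and it assumes both DSL expressions must hold for a match.

```go
package main

import "fmt"

// Response is a constructed stand-in for one fuzzed HTTP response.
type Response struct {
	Element  string  // fuzzed element, e.g. a query parameter name
	Duration float64 // response time in seconds
}

// flatEvents models the reported behaviour: the request count stays at zero,
// modelled here as events that only ever carry an un-numbered duration key.
func flatEvents(rs []Response) []map[string]float64 {
	var out []map[string]float64
	for _, r := range rs {
		out = append(out, map[string]float64{"duration": r.Duration})
	}
	return out
}

// contextEvents models the proposed fuzzing context: one counter per fuzzed
// element, so each element accumulates duration_1, duration_2, ...
func contextEvents(rs []Response) map[string]map[string]float64 {
	counters := map[string]int{}
	out := map[string]map[string]float64{}
	for _, r := range rs {
		counters[r.Element]++
		if out[r.Element] == nil {
			out[r.Element] = map[string]float64{}
		}
		out[r.Element][fmt.Sprintf("duration_%d", counters[r.Element])] = r.Duration
	}
	return out
}

// matches applies duration_1>18 and duration_2<7 (assumed: both must hold).
// A missing key fails the match instead of silently defaulting to zero.
func matches(ev map[string]float64) bool {
	d1, ok1 := ev["duration_1"]
	d2, ok2 := ev["duration_2"]
	return ok1 && ok2 && d1 > 18 && d2 < 7
}

func main() {
	rs := []Response{{"id", 20.1}, {"q", 0.3}, {"id", 0.4}, {"q", 0.2}} // constructed
	fmt.Println("flat:", matches(flatEvents(rs)[0]))
	for el, ev := range contextEvents(rs) {
		fmt.Println(el, matches(ev))
	}
}
```

With the per-element counter, the slow-then-fast pair on `id` matches while `q` does not, even though the requests for the two parameters are interleaved.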

@Mzack9999 any update here?

iambouali avatar May 19 '24 20:05 iambouali

Any update here?

nancunyitong avatar Jun 19 '24 03:06 nancunyitong

Is this the same problem? Current Behavior: [image] test template [image]

Expected Behavior: [image]

nancunyitong avatar Jun 20 '24 03:06 nancunyitong