
Support / add `proxy-server` input mode to fuzz / run checks on live traffic

Open tarunKoyalwar opened this issue 1 year ago • 1 comments

Please describe your feature request:

  • follow-up of https://github.com/projectdiscovery/nuclei/pull/4941#pullrequestreview-1961321544
  • the idea is to add / implement a proxy server in nuclei (more like a proxify + nuclei integration) to run templates / checks on live proxy traffic

Describe the use case of this feature:

  • this will eliminate format-specific dependencies & edge-case handling like we do in OpenAPI schema, etc.

Known Issues

  • Fuzzing live traffic actively might not be as helpful since it has its own set of challenges, like unresponsiveness in the browser, rate limits hit due to sending a large number of requests, etc.

tarunKoyalwar, Mar 28 '24 13:03

I think it's way more functional than blind DAST fuzzing as, for example, it allows specific authorization checks like https://github.com/PortSwigger/autorize, which are the most difficult to catch and generally the most impactful ones

Mzack9999, Mar 29 '24 12:03