
[BUG] http-race-conditions functionality not working as expected in v3.2.x, v3.3.x

Open 666asd opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [x] I have searched the existing issues.

This problem seems to have been solved once, but it has reappeared: https://github.com/projectdiscovery/nuclei/issues/3488

Current Behavior

I've written an HTTP server in Python that delays for 2 seconds upon receiving each request.

from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
import time

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        # Log on arrival, then hold the response for 2 seconds.
        print(f"Handling GET request for {self.path}")
        time.sleep(2)
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write(b"Hello, world! This is a delayed response.")

port = 9999
server_address = ('', port)

# One thread per connection, so simultaneous requests are logged together.
httpd = ThreadingHTTPServer(server_address, SimpleHTTPRequestHandler)

print(f"Starting server on port {port}...")
httpd.serve_forever()

Create a file "race.yaml" and populate it with the following template:

id: race-condition-testing

info:
  name: Race condition testing with multiple requests
  author: pdteam
  severity: info

requests:
  - raw:  
      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0

      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0

      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0
    threads: 2
    race: true

    matchers:
      - type: status
        status:
          - 200

Run nuclei -duc -t /tmp/race.yaml -u http://127.0.0.1:9999

The request log for the HTTP server is as follows:

[Image: HTTP server request log]

When v2.9.x and v3.1.x are used, the server receives the first two requests at the same time. However, when v3.2.x and v3.3.x are used, the interval between the three requests is 2 seconds.

Expected Behavior

The first two requests should be sent at the same time.

Steps To Reproduce

nuclei -duc -t /tmp/race.yaml -u http://127.0.0.1:9999

Relevant log output

No response

Environment

  • OS: windows/linux
  • Nuclei: v3.2.x v3.3.x
  • Go:

Anything else?

No response

666asd, Oct 10 '24 01:10
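The request-log comparison in the report above can be turned into a pass/fail check by timestamping arrivals instead of reading the log by eye. This is an added example, not code from the issue author or the nuclei project; `make_server`, `classify`, `fire`, `measure`, the 0.5 s default delay and the delay/2 threshold are assumptions, and `fire` is a constructed stand-in client, not nuclei.

```python
import http.client
import threading
import time
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def make_server(delay, port=0):
    """Start the delayed server in a thread; return it and its list of arrival times."""
    arrivals, lock = [], threading.Lock()
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            with lock:
                arrivals.append(time.monotonic())  # stamp before the delay
            time.sleep(delay)
            self.send_response(200)
            self.end_headers()
            self.wfile.write(b"delayed response")
    httpd = ThreadingHTTPServer(("127.0.0.1", port), Handler)  # port 0: any free port
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    return httpd, arrivals

def classify(arrivals, delay):
    """'parallel' if the first two requests arrived within delay/2, else 'serialized'."""
    if len(arrivals) < 2:
        return "insufficient"
    first, second = sorted(arrivals)[:2]
    return "parallel" if second - first < delay / 2 else "serialized"

def fire(port, count, concurrent):
    """Constructed stand-in client: send `count` GETs at once or one after another."""
    def get():
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=10)
        conn.request("GET", "/")
        conn.getresponse().read()
        conn.close()
    threads = [threading.Thread(target=get) for _ in range(count)]
    for t in threads:
        t.start()
        if not concurrent:
            t.join()  # wait for each response before sending the next
    for t in threads:
        t.join()

def measure(concurrent, delay=0.5, count=3):  # run one client pattern, return verdict
    httpd, arrivals = make_server(delay)
    try:
        fire(httpd.server_port, count, concurrent)
        return classify(arrivals, delay)
    finally:
        httpd.shutdown()
        httpd.server_close()
```

To check a scanner run instead of the stand-in client, call `make_server(2, 9999)`, run the command from the report against it, and pass the returned arrival list to `classify`.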

@ehsandeep

666asd, Nov 21 '24 02:11

Bug still exists! There is a delay between requests. @ehsandeep

CorrM, Sep 15 '25 12:09