Try Interactsh 5 Times before throwing Exception

[stryker2k2]

Summary

Both amiremami and I have noticed a flood of interactsh errors in our scans. All of the pytests for interactsh worked but it seemed that doing it in production would throw an Error polling interact.sh: No response from server error. This was confusing because we would send a registration request to the Interactsh Team asking for a server instance to be spun up specifically for this; no reason to not get a response.

I've added an asyncio.sleep(0.2) and a small range(5) loop to ensure that interactsh at least communicates with the server once. If it gets a good response, it'll jump out of that loop and continue.

Since Interactsh would throw an error nearly everytime, both generic_ssrf and dotnetnuke (which depend on it) have been useless.

Review

• Run a small scan to verify (with either generic_ssrf or dotnetnuke) that there are no "Error polling interact.sh: No response from server" errors
  • bbot -t tesla.com -m httpx generic_ssrf
• Run the larger scan that amiremami originally posted (optional)
  • bbot -t tesla.com -f passive subdomain-enum web-thorough cloud-enum -m gowitness fingerprintx wafw00f bypass403 -em smuggler azure_realm, azure_tenant bucket_amazon bucket_azure bucket_digitalocean bucket_file_enum bucket_firebase bucket_google -om asset_inventory emails json

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 71.42857% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 92%. Comparing base (5cef4c0) to head (cc82c43).

Files	Patch %	Lines
bbot/core/helpers/interactsh.py	72%	2 Missing ⚠️

Additional details and impacted files

@@           Coverage Diff            @@
##           bbot-2.0   #1365   +/-   ##
========================================
- Coverage        92%     92%   -0%     
========================================
  Files           333     333           
  Lines         22224   22229    +5     
========================================
- Hits          20332   20319   -13     
- Misses         1892    1910   +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[TheTechromancer]

@stryker2k2 were you able to reproduce this error?

[stryker2k2]

I was able to reproduce the flood of interactsh errors, yes. On multiple occasions with various combinations of modules and targets.

With this commit, I haven't seen any interactsh errors at all when ran against the same tests as before.

[TheTechromancer]

@stryker2k2 thanks for your work but before we merge this we need to understand what is causing this bug and why the fix works.

From Amir's screenshot it looks like every poll is falling. It seems strange that issuing more requests would fix it. Some questions I have would be, roughly what percentage of requests are failing and what kind of failures are they? Are they timeouts? DNS resolution errors? Is the web server rejecting the connection? Understanding this will help us find the best approach for fixing it.