Try Interactsh 5 Times before throwing Exception #1365
+19
−3
Summary
Both amiremami and I have noticed a flood of `interactsh` errors in our scans. All of the pytests for interactsh worked but it seemed that doing it in production would throw an `Error polling interact.sh: No response from server` error. This was confusing because we would send a registration request to the Interactsh Team asking for a server instance to be spun up specifically for this; no reason to not get a response.

I've added an `asyncio.sleep(0.2)` and a small `range(5)` loop to ensure that interactsh at least communicates with the server once. If it gets a good response, it'll jump out of that loop and continue.

Since Interactsh would throw an error nearly every time, both generic_ssrf and dotnetnuke (which depend on it) have been useless.
Review
bbot -t tesla.com -m httpx generic_ssrf
bbot -t tesla.com -f passive subdomain-enum web-thorough cloud-enum -m gowitness fingerprintx wafw00f bypass403 -em smuggler azure_realm, azure_tenant bucket_amazon bucket_azure bucket_digitalocean bucket_file_enum bucket_firebase bucket_google -om asset_inventory emails json
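
The bounded retry the summary describes (up to 5 tries, 0.2 s apart, leaving the loop on the first good response and raising only after the last try fails), as an added example that is not the code from this pull request. `FlakyServer`, `InteractshError`, `register_with_retry` and the response shape are assumptions made for illustration, and the server is a constructed stand-in so the block runs offline.

```python
import asyncio


class InteractshError(Exception):
    """Raised when no attempt gets a usable response (hypothetical name)."""


class FlakyServer:
    """Constructed stand-in for an interactsh server: drops the first `drops` requests."""

    def __init__(self, drops):
        self.drops = drops
        self.calls = 0

    async def register(self):
        self.calls += 1
        if self.calls <= self.drops:
            return None  # models "No response from server"
        return {"status": 200, "message": "registration successful"}


async def register_with_retry(server, attempts=5, delay=0.2):
    """Try registration up to `attempts` times, sleeping `delay` seconds between tries."""
    for attempt in range(1, attempts + 1):
        response = await server.register()
        if response is not None and response.get("status") == 200:
            return attempt, response  # good response: leave the loop early
        if attempt < attempts:
            await asyncio.sleep(delay)  # back off briefly before the next try
    raise InteractshError(f"No response from server after {attempts} attempts")


def run(drops, attempts=5, delay=0.2):
    """Synchronous wrapper: returns (outcome, detail, requests_sent)."""
    server = FlakyServer(drops)
    try:
        attempt, _ = asyncio.run(register_with_retry(server, attempts, delay))
        return ("registered", attempt, server.calls)
    except InteractshError as exc:
        return ("failed", str(exc), server.calls)


if __name__ == "__main__":
    print(run(drops=2, delay=0.01))  # succeeds on the third request
    print(run(drops=5, delay=0.01))  # every request dropped: exception surfaces
```

The exception still propagates when all five tries fail, so modules that depend on the registration see a hard failure instead of silently running without a callback server.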