Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong order using raw HTTP with pipelining #5171

Open
raw-phil opened this issue May 12, 2024 · 0 comments
Open

Wrong order using raw HTTP with pipelining #5171

raw-phil opened this issue May 12, 2024 · 0 comments
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@raw-phil
Copy link

Nuclei version: v3.2.7

Current Behavior:

Nuclei send raw HTTP requests in wrong order when pipelining is active.

Expected Behavior:

Template:

id: multiple-raw-pipeline
info:
  name: Test Raw pipeline
  author: raw-phil
  severity: info

http:
  - raw:
      - |+
        GET / HTTP/1.1
        Host: {{Hostname}}

      - |+
        POST /testing HTTP/1.1
        Host: {{Hostname}}

    unsafe: true
    pipeline: true
    matchers:
      - type: word
        words:
          - "Test matcher"

I expect that nuclei will send first the GET and then the POST request, but the order is inverted.

$ nc -l 127.0.0.1 8080
POST /testing HTTP/1.1
Host: 127.0.0.1:8080

GET / HTTP/1.1
Host: 127.0.0.1:8080

Steps To Reproduce:

nuclei -t ./wrong-order-raw.yaml -u http://127.0.0.1:8080 --debug

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.2.7

		projectdiscovery.io

[INF] Current nuclei version: v3.2.7 (latest)
[INF] Current nuclei-templates version: v9.8.6 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 65
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [multiple-raw-pipeline] Dumped HTTP request for http://127.0.0.1:8080

POST / HTTP/1.1
Host: 127.0.0.1:8080

[INF] [multiple-raw-pipeline] Dumped HTTP request for http://127.0.0.1:8080

GET / HTTP/1.1
Host: 127.0.0.1:8080

...
@raw-phil raw-phil added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label May 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@raw-phil