fix stdin parsing #2021

Open
wants to merge 6 commits into
base: dev
dogancanbakir
Member

Closes #2020

@noaho

noaho commented Dec 5, 2024

This pull request breaks -vhost-input for me, see #2020

@dogancanbakir
Member Author

@noaho I'll update this PR - was gathering more info on this feature.

@dogancanbakir dogancanbakir removed the request for review from ehsandeep December 5, 2024 13:57
@noaho

noaho commented Dec 9, 2024

If it helps, my understanding of the feature is this:

Sometimes you have hosts that you need to specify by IP, to do vhost discovery. (Send different Hosts: header for the same IP)

You might also want to process multiple hosts / vhosts in one session without starting up multiple HTTPX.

So you specify each vhost/IP pair on stdin like this:
cat inputfile.txt | httpx -vhost-input -title

You would of course have an input file with multiple vhosts you want to try on an IP (and multiple hosts you want to test) like this:

inputfile.txt

example.org,https://93.184.215.14
example2.org,https://93.184.215.14
www.google.com,https://74.125.68.147

This should give output like this:

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/

                projectdiscovery.io

[INF] Current httpx version v1.6.9 (latest)
[WRN] UI Dashboard is disabled, Use -dashboard option to enable
https://93.184.215.14 [Example Domain]
https://74.125.68.147 [Google]
http://93.184.215.14 [404 - Not Found]

@dogancanbakir
Member Author

@noaho I've made some updates. Please give it another try and share your thoughts. Thanks!

This reverts commit ff00cee.
@@ -1302,6 +1302,29 @@ func (r *Runner) RunEnumeration() {
}
}

func parseVhostInput(input string) (hostname, ip string, err error) {
// Expecting format: host[ip]
if !strings.Contains(input, "[") || !strings.HasSuffix(input, "]") {
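
Review bot: the guard on the last line of this hunk only checks that the input contains "[" somewhere and ends in "]", so a plain bracketed IPv6 URL such as https://[2001:db8::1] satisfies it with nothing but a scheme in front of the bracket. Unless the lines after this guard already reject that, split on the last "[" (strings.LastIndex), require a non-empty hostname before it, and validate the bracket contents with net.ParseIP. The "// Expecting format: host[ip]" comment should also state whether a scheme prefix is accepted, since the inputs tested later in this thread have the form http://example.org[23.215.0.133].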
Member


I'm not sure if we also should keep supporting the old format:

target,vhost

since we are introducing a breaking change. What do you think?


I know you weren't asking me, but my 2c anyway is that the old format with , was poorly (if at all) documented and I had to work it out from the source. I don't think anyone knows about it / is using it.

So if the new format host[ip] could be documented somewhere then the new format is probably better.

Member Author


I believe we can go with the new format and +1 to document it.

@noaho

noaho commented Jan 21, 2025

Hi @dogancanbakir,

I tried the changes with both formats and it seems the new format isn't passing through the URL properly - the end web server seems to see only the IP address, no Host: or SNI.

While the old format seems to ignore the scheme, and always probes with https.

go install github.com/projectdiscovery/httpx/cmd/httpx@4dc7f90 # (this is the right commit, right? it's the last one you did)

# Make sure you re-resolve example.org if stealing my examples, the IP did change for me once
cat inputfile.txt
example.org,http://23.215.0.133
example.org,https://23.215.0.133

cat inputfile2.txt
http://example.org[23.215.0.133]
https://example.org[23.215.0.133]

cat inputfile.txt | httpx -vhost-input -json -no-fallback-scheme | jq

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/

                projectdiscovery.io

[INF] Current httpx version v1.6.9 (latest)
[WRN] UI Dashboard is disabled, Use -dashboard option to enable
{
  "timestamp": "2025-01-21T03:49:49.243668565Z",
  "port": "443",
  "url": "https://23.215.0.133",
  "input": "example.org,https://23.215.0.133",
  "title": "Example Domain",
  "scheme": "https",
  "content_type": "text/html",
  "method": "GET",
  "host": "23.215.0.133",
  "path": "/",
  "time": "32.104988ms",
  "a": [
    "23.215.0.133"
  ],
  "tech": [
    "HTTP/3"
  ],
  "words": 298,
  "lines": 46,
  "status_code": 200,
  "content_length": 1256,
  "failed": false,
  "knowledgebase": {
    "PageType": "nonerror",
    "pHash": 0
  }
}
{
  "timestamp": "2025-01-21T03:49:49.24683302Z",
  "port": "443",
  "url": "https://23.215.0.133",
  "input": "example.org,http://23.215.0.133",
  "title": "Example Domain",
  "scheme": "https",
  "content_type": "text/html",
  "method": "GET",
  "host": "23.215.0.133",
  "path": "/",
  "time": "34.903798ms",
  "a": [
    "23.215.0.133"
  ],
  "tech": [
    "HTTP/3"
  ],
  "words": 298,
  "lines": 46,
  "status_code": 200,
  "content_length": 1256,
  "failed": false,
  "knowledgebase": {
    "PageType": "nonerror",
    "pHash": 0
  }
}

Note the scheme is https, twice. It didn't try on http.

cat inputfile2.txt | httpx -vhost-input -json -no-fallback-scheme | jq

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/

                projectdiscovery.io

[INF] Current httpx version v1.6.9 (latest)
[WRN] UI Dashboard is disabled, Use -dashboard option to enable
{
  "timestamp": "2025-01-21T03:51:23.06037323Z",
  "port": "80",
  "url": "http://23.215.0.133",
  "input": "http://example.org[23.215.0.133]",
  "title": "Invalid URL",
  "scheme": "http",
  "webserver": "AkamaiGHost",
  "content_type": "text/html",
  "method": "GET",
  "host": "23.215.0.133",
  "path": "/",
  "time": "7.496144ms",
  "a": [
    "23.215.0.133"
  ],
  "words": 8,
  "lines": 8,
  "status_code": 400,
  "content_length": 310,
  "failed": false,
  "knowledgebase": {
    "PageType": "error",
    "pHash": 0
  }
}
{
  "timestamp": "2025-01-21T03:51:23.074694035Z",
  "port": "443",
  "url": "https://23.215.0.133",
  "input": "https://example.org[23.215.0.133]",
  "title": "Invalid URL",
  "scheme": "https",
  "webserver": "AkamaiGHost",
  "content_type": "text/html",
  "method": "GET",
  "host": "23.215.0.133",
  "path": "/",
  "time": "21.762277ms",
  "a": [
    "23.215.0.133"
  ],
  "words": 8,
  "lines": 8,
  "status_code": 400,
  "content_length": 310,
  "failed": false,
  "knowledgebase": {
    "PageType": "error",
    "pHash": 0
  }
}

Note it didn't pass the correct Host: or SNI

Cheers!
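
As an added example (not httpx's code and not written by anyone in this thread), the Go program below parses both line formats discussed here and builds a request that connects to the IP while presenting the vhost in the Host header and, for TLS, in SNI. `Target`, `ParseLine` and `NewRequest` are hypothetical names chosen for illustration.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net"
	"net/http"
	"net/url"
	"strings"
)

// Target is one parsed vhost input line (hypothetical type, not httpx's).
type Target struct{ Scheme, Vhost, IP string }

// ParseLine accepts the old "vhost,scheme://ip" and the new "scheme://vhost[ip]" form.
func ParseLine(line string) (Target, error) {
	line = strings.TrimSpace(line)
	if vhost, rest, ok := strings.Cut(line, ","); ok {
		u, err := url.Parse(rest)
		if err != nil || vhost == "" || net.ParseIP(u.Hostname()) == nil {
			return Target{}, fmt.Errorf("bad old-format line %q", line)
		}
		return Target{u.Scheme, vhost, u.Hostname()}, nil
	}
	scheme, rest, ok := strings.Cut(line, "://")
	open := strings.LastIndex(rest, "[") // open <= 0 rejects a bare "[ipv6]" with no vhost
	if !ok || open <= 0 || !strings.HasSuffix(rest, "]") || net.ParseIP(rest[open+1:len(rest)-1]) == nil {
		return Target{}, fmt.Errorf("bad new-format line %q", line)
	}
	return Target{scheme, rest[:open], rest[open+1 : len(rest)-1]}, nil
}

// NewRequest targets the IP in the URL but sends the vhost as Host and as TLS SNI.
func NewRequest(t Target, port string) (*http.Request, *http.Client, error) {
	if port == "" {
		port = map[string]string{"http": "80", "https": "443"}[t.Scheme]
	}
	req, err := http.NewRequest(http.MethodGet, t.Scheme+"://"+net.JoinHostPort(t.IP, port)+"/", nil)
	if err != nil {
		return nil, nil, err
	}
	req.Host = t.Vhost // Host header; the connection still goes to the IP
	tr := &http.Transport{TLSClientConfig: &tls.Config{ServerName: t.Vhost}} // SNI and cert name
	return req, &http.Client{Transport: tr}, nil
}

func main() {
	fmt.Println(ParseLine("https://example.org[23.215.0.133]")) // line format taken from the thread
}
```

Because the scheme is carried through from the input line, an `http://` line is never silently upgraded to `https`, and the `"input"`/`"host"` pair a server logs will show the vhost rather than the bare IP.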

@noaho

noaho commented Jan 24, 2025

The other problem I have with this functionality is when you use the screenshot function, it saves the screenshots as the IP address only, so when you have multiple vhosts/IP pairs it just overwrites and corrupts them after the first one.

Successfully merging this pull request may close these issues.

Scheme https is forced for -vhost-input even when using -no-fallback-scheme