Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Nuclei can't set headers in DAST fuzzing templates #5983

Open
1 task done
zerokeeper opened this issue Jan 14, 2025 · 0 comments · May be fixed by #5988
Open
1 task done

[BUG] Nuclei can't set headers in DAST fuzzing templates #5983

zerokeeper opened this issue Jan 14, 2025 · 0 comments · May be fixed by #5988
Assignees
@dogancanbakir
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@zerokeeper
Copy link

zerokeeper commented Jan 14, 2025
edited
Loading

Is there an existing issue for this?

  • I have searched the existing issues.

Current Behavior

can't set headers in DAST fuzzing templates.

Expected Behavior

can set custom headers in DAST fuzzing templates.

Steps To Reproduce

nuclei -dast -t simple-fuzzing-test.yaml -u http://127.0.0.1/?id=1 -debug-req

id: simple-fuzzing-test

info:
  name: Simple Fuzzing Test
  author: test
  severity: high

http:
  - method: GET
    path:
      - "{{BaseURL}}/test?id=1"
    headers:
      test: abc
      User-Agent: ua
    fuzzing:
      - part: query
        type: replace
        keys:
          - id
        fuzz:
          - 1
          - 2
    matchers:
      - type: status
        status:
          - 200

Relevant log output

____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.8

		projectdiscovery.io

[WRN] The concurrency value is higher than max-host-error
[INF] Adjusting max-host-error to the concurrency value: 50
[INF] Current nuclei version: v3.3.8 (outdated)
[INF] Current nuclei-templates version: v9.6.8 (outdated)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 11
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [simple-fuzzing-test] Dumped HTTP request for http://127.0.0.1/?id=1

GET /?id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.17 (KHTML, like Gecko) Version/17.3.75 Safari/616.17
Accept-Encoding: gzip

[INF] [simple-fuzzing-test] Dumped HTTP request for http://127.0.0.1/?id=2

GET /?id=2 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.17 (KHTML, like Gecko) Version/17.3.75 Safari/616.17
Accept-Encoding: gzip

[INF] No results found. Better luck next time!
[0:00:00] | Templates: 1 | Hosts: 1 | RPS: 7 | Matched: 0 | Errors: 2 | Requests: 2/1 (200%)

Environment

- OS: mac os
- Nuclei: 3.3.8

Anything else?

No response
@zerokeeper zerokeeper added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Jan 14, 2025
@dogancanbakir dogancanbakir self-assigned this Jan 15, 2025
@dogancanbakir dogancanbakir linked a pull request Jan 15, 2025 that will close this issue
Open
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dogancanbakir dogancanbakir

Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

set headers for fuzzing request projectdiscovery/nuclei
2 participants
@zerokeeper @dogancanbakir