Add probe-all-ips feature #427
Thank you @zerodivisi0n for adding this feature. Upon further testing, I've noticed that with the following example it's not working as expected, i.e. using the same IP for all probes.
echo docs.hackerone.com | ./httpx -probe-all-ips
__ __ __ _ __
/ /_ / /_/ /_____ | |/ /
/ __ \/ __/ __/ __ \| /
/ / / / /_/ /_/ /_/ / |
/_/ /_/\__/\__/ .___/_/|_|
/_/ v1.1.4-dev
projectdiscovery.io
Use with caution. You are responsible for your actions.
Developers assume no liability and are not responsible for any misuse or damage.
http://docs.hackerone.com [185.199.109.153]
http://docs.hackerone.com [185.199.109.153]
http://docs.hackerone.com [185.199.109.153]
http://docs.hackerone.com [185.199.109.153]
Thanks for the quick feedback @ehsandeep . I also found a problem with the following input:
I'm not sure if it should be supported, probably it should. I'll try to deal with both cases tomorrow.
Your case gives the following output on my laptop:
I'll try to dig deeper.
Thank you, with this modification, the only difference is that we are probing the same request with different available IPs; the rest of the features and flags should remain functional as before.
Fixed issue with probing IPs for complex URLs:
Still can't reproduce the problem with the same IPs. Maybe it is some sort of DNS caching problem? Anyway, I'll try to dig deeper tomorrow.
@ehsandeep Unfortunately, I have not been able to reproduce your issue. So I need your help in debugging.
What is the output of the command
Are you using the default fastdialer module from your repository?
@zerodivisi0n I'm adding all the information, let me know if any more information is required.
$ host docs.hackerone.com
docs.hackerone.com is an alias for hacker0x01.github.io.
hacker0x01.github.io has address 185.199.111.153
hacker0x01.github.io has address 185.199.110.153
hacker0x01.github.io has address 185.199.108.153
hacker0x01.github.io has address 185.199.109.153
hacker0x01.github.io has IPv6 address 2606:50c0:8000::153
hacker0x01.github.io has IPv6 address 2606:50c0:8001::153
hacker0x01.github.io has IPv6 address 2606:50c0:8003::153
hacker0x01.github.io has IPv6 address 2606:50c0:8002::153
$ echo docs.hackerone.com | ./httpx -probe-all-ips -silent
http://docs.hackerone.com [185.199.108.153]
http://docs.hackerone.com [185.199.108.153]
http://docs.hackerone.com [185.199.108.153]
http://docs.hackerone.com [185.199.108.153]
{
"timestamp": "2021-10-31T00:36:15.466334+05:30",
"scheme": "http",
"port": "80",
"path": "/",
"body-sha256": "9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a",
"header-sha256": "41c5ae0a07f5f84615b3093d40b78a94b2a74763994771fc55a817afde8f2fd4",
"a": [
"185.199.111.153",
"185.199.108.153",
"185.199.109.153",
"185.199.110.153"
],
"cnames": [
"hacker0x01.github.io"
],
"url": "http://docs.hackerone.com:80",
"input": "docs.hackerone.com",
"location": "https://docs.hackerone.com/",
"title": "301 Moved Permanently",
"webserver": "GitHub.com",
"content-type": "text/html",
"method": "GET",
"host": "185.199.111.153",
"content-length": 162,
"status-code": 301,
"response-time": "122.40125ms",
"failed": false
}
{
"timestamp": "2021-10-31T00:36:15.466339+05:30",
"scheme": "http",
"port": "80",
"path": "/",
"body-sha256": "9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a",
"header-sha256": "0bca1be5120ce3f9e68fe1ea9fa9b59c07370d4cfba3564d0a46a477ec480cd8",
"a": [
"185.199.111.153",
"185.199.108.153",
"185.199.109.153",
"185.199.110.153"
],
"cnames": [
"hacker0x01.github.io"
],
"url": "http://docs.hackerone.com:80",
"input": "docs.hackerone.com",
"location": "https://docs.hackerone.com/",
"title": "301 Moved Permanently",
"webserver": "GitHub.com",
"content-type": "text/html",
"method": "GET",
"host": "185.199.111.153",
"content-length": 162,
"status-code": 301,
"response-time": "126.154625ms",
"failed": false
}
{
"timestamp": "2021-10-31T00:36:15.468841+05:30",
"scheme": "http",
"port": "80",
"path": "/",
"body-sha256": "9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a",
"header-sha256": "bc7cf34f5129a2f04b19c6d95db65a26156787696545468dca7d73bead710655",
"a": [
"185.199.111.153",
"185.199.108.153",
"185.199.109.153",
"185.199.110.153"
],
"cnames": [
"hacker0x01.github.io"
],
"url": "http://docs.hackerone.com:80",
"input": "docs.hackerone.com",
"location": "https://docs.hackerone.com/",
"title": "301 Moved Permanently",
"webserver": "GitHub.com",
"content-type": "text/html",
"method": "GET",
"host": "185.199.111.153",
"content-length": 162,
"status-code": 301,
"response-time": "125.287167ms",
"failed": false
}
{
"timestamp": "2021-10-31T00:36:15.469921+05:30",
"scheme": "http",
"port": "80",
"path": "/",
"body-sha256": "9e17cb15dd75bbbd5dbb984eda674863c3b10ab72613cf8a39a00c3e11a8492a",
"header-sha256": "b43e5812be88a0a5588f967d6c741e2a400f465bf83ef9b4788ef1df462c089b",
"a": [
"185.199.111.153",
"185.199.108.153",
"185.199.109.153",
"185.199.110.153"
],
"cnames": [
"hacker0x01.github.io"
],
"url": "http://docs.hackerone.com:80",
"input": "docs.hackerone.com",
"location": "https://docs.hackerone.com/",
"title": "301 Moved Permanently",
"webserver": "GitHub.com",
"content-type": "text/html",
"method": "GET",
"host": "185.199.111.153",
"content-length": 162,
"status-code": 301,
"response-time": "118.357ms",
"failed": false
}
Oh, you have a new MacBook! Nice! I continue to investigate and so far I have found one oddity - in your examples, requests are made via the
I don't know if this is directly related to the current problem. Maybe you have some custom config ( And one more clarification - are you using a build from the current branch with the last commit (2559dce)? Thanks in advance for your reply, I will continue to figure it out.
I tried another approach to probe all the IPs.
@zerodivisi0n it works as expected after the change, but noticed an unexpected wait time/delay during the scan even with a single input, will add more specific details. @Mzack9999 FYI, this is related to #245, we settled with the output UI, and @zerodivisi0n proposed the above changes.
Everything seems to work correctly, nice work!
After further analysis, some servers reject TLS requests having an SNI name equal to the IP. This is why some results were found valid only for http, for example, ..
if scanopts.ProbeAllIPS && customIP != "" {
customHost = URL.Host
// URL.Host = customIP <= don't overwrite Host header, will be handled via request context
}
..
if customIP != "" {
req = req.WithContext(context.WithValue(req.Context(), "ip", customIP))
}
resp, err := hp.Do(req, httpx.UnsafeOptions{URIPath: reqURI})
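The approach in the comment above (keep the hostname in the URL and carry the target IP in the request context for the dialer) can be checked offline; this is an added Go example, not code from the PR or from httpx. `ipKey`, `pinnedDial` and `probe` are hypothetical names, and the server is a local `httptest` instance whose built-in certificate covers `example.com` and `127.0.0.1`.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// ipKey is a hypothetical typed context key (the snippet above uses the string "ip").
type ipKey struct{}

// pinnedDial dials the IP carried in the request context, keeping the original port.
func pinnedDial(ctx context.Context, network, addr string) (net.Conn, error) {
	if ip, _ := ctx.Value(ipKey{}).(string); ip != "" {
		if _, port, err := net.SplitHostPort(addr); err == nil {
			addr = net.JoinHostPort(ip, port)
		}
	}
	return (&net.Dialer{}).DialContext(ctx, network, addr)
}

// probe hits a local TLS test server and returns the SNI and Host header it saw.
func probe(urlHost, pinIP string) (sni, host string, err error) {
	srv := httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("X-Seen-SNI", r.TLS.ServerName)
		w.Header().Set("X-Seen-Host", r.Host)
	}))
	defer srv.Close()
	_, port, _ := net.SplitHostPort(srv.Listener.Addr().String())
	client := srv.Client() // trusts the test certificate (SANs: example.com, 127.0.0.1)
	client.Transport.(*http.Transport).DialContext = pinnedDial
	req, err := http.NewRequest(http.MethodGet, "https://"+net.JoinHostPort(urlHost, port)+"/", nil)
	if err != nil {
		return "", "", err
	}
	req = req.WithContext(context.WithValue(req.Context(), ipKey{}, pinIP))
	resp, err := client.Do(req)
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	return resp.Header.Get("X-Seen-SNI"), resp.Header.Get("X-Seen-Host"), nil
}

func main() {
	fmt.Println(probe("example.com", "127.0.0.1")) // hostname kept, IP pinned in the dialer
	fmt.Println(probe("127.0.0.1", ""))            // URL host overwritten with the IP
}
```

With the hostname kept, the server sees both SNI and Host as the name while the connection goes to the pinned IP; with the URL host replaced by the IP, Go's TLS client sends no SNI at all and the Host header carries the IP.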
@ehsandeep Waiting for your details.
@zerodivisi0n it was related to the issue mentioned by mzack, looks like I got some hosts not returning any results because of the ssl issue and took some time before getting errored out.
@zerodivisi0n everything is now working well, thank you for working on this.
@ehsandeep Sorry, I've been very busy in the last few weeks, and haven't been able to get to this. It's good that it's finally done. Thank you!
Added flag to support probe all ips #245.
Example output:
For default output, I just implicitly enable IP address output:
JSON (as described in the original issue):