Added Base64 Support in Query String and Request Path (#701)

* Tiny spelling correction (#647) Minor change, changed 'Goolgle' to Google * version update * fix: typo (#684) Signed-off-by: guoguangwu <[email protected]> * chore(deps): bump golang.org/x/net from 0.14.0 to 0.17.0 (#683) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.14.0 to 0.17.0. - [Commits](golang/net@v0.14.0...v0.17.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Added b64_body support in path and queryString --------- Signed-off-by: guoguangwu <[email protected]> Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: bl13pbl03p <[email protected]> Co-authored-by: sandeep <[email protected]> Co-authored-by: guangwu <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sandeep Singh <[email protected]>
projectdiscovery · Dec 7, 2023 · 59aafc8 · 59aafc8
1 parent e4d4d7b
commit 59aafc8
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -475,7 +475,7 @@ interactsh-server -d oast.pro,oast.me
 
 **Note:**
 
-While running interactsh server on **Cloud VM**'s like Amazon EC2, Goolge Cloud Platform (GCP), it is required to update the security rules to allow **"all traffic"** for inbound connections.
+While running interactsh server on **Cloud VM**'s like Amazon EC2, Google Cloud Platform (GCP), it is required to update the security rules to allow **"all traffic"** for inbound connections.
 
 </td>
 </table>
@@ -578,7 +578,7 @@ interactsh-server -d hackwithautomation.com -http-index banner.html
 
 Interactsh http server optionally enables file hosting to help in security testing. This capability can be used with a self-hosted server to serve files for common payloads for **XSS, XXE, RCE** and other attacks.
 
-To use this feature, `-http-directory` flag can be used which accepts diretory as input and files are served under `/s/` direcotry.
+To use this feature, `-http-directory` flag can be used which accepts diretory as input and files are served under `/s/` directory.
 
 ```console
 interactsh-server -d hackwithautomation.com -http-directory ./paylods

diff --git a/cmd/benchmark-server/duration-testing/bench.go b/cmd/benchmark-server/duration-testing/bench.go
@@ -90,7 +90,7 @@ func startClient(idx int) {
 		log.Fatal(err)
 	}
 
-	// simulate continous interactions
+	// simulate continuous interactions
 	rateLimiter := ratelimit.New(*interactionsRateLimit)
 	for {
 		select {

diff --git a/pkg/server/http_server.go b/pkg/server/http_server.go
@@ -2,6 +2,7 @@ package server
 
 import (
 	"bytes"
+        "encoding/base64"
 	"crypto/tls"
 	"fmt"
 	"log"
@@ -271,7 +272,7 @@ func (h *HTTPServer) defaultHandler(w http.ResponseWriter, req *http.Request) {
 		fmt.Fprintf(w, "<data>%s</data>", reflection)
 		w.Header().Set("Content-Type", "application/xml")
 	} else {
-		if h.options.DynamicResp && len(req.URL.Query()) > 0 {
+		if h.options.DynamicResp && (len(req.URL.Query()) > 0  || stringsutil.HasPrefixI(req.URL.Path, "/b64_body:")) {
 			writeResponseFromDynamicRequest(w, req)
 			return
 		}
@@ -291,6 +292,14 @@ func (h *HTTPServer) defaultHandler(w http.ResponseWriter, req *http.Request) {
 func writeResponseFromDynamicRequest(w http.ResponseWriter, req *http.Request) {
 	values := req.URL.Query()
 
+	if stringsutil.HasPrefixI(req.URL.Path, "/b64_body:") {
+	firstindex := strings.Index(req.URL.Path, "/b64_body:")
+	lastIndex := strings.LastIndex(req.URL.Path, "/")
+
+        decodedBytes, _ := base64.StdEncoding.DecodeString(req.URL.Path[firstindex+10:lastIndex])
+        _, _ = w.Write(decodedBytes)
+
+	}
 	if headers := values["header"]; len(headers) > 0 {
 		for _, header := range headers {
 			if headerParts := strings.SplitN(header, ":", 2); len(headerParts) == 2 {
@@ -309,6 +318,11 @@ func writeResponseFromDynamicRequest(w http.ResponseWriter, req *http.Request) {
 	if body := values.Get("body"); body != "" {
 		_, _ = w.Write([]byte(body))
 	}
+
+        if b64_body := values.Get("b64_body"); b64_body != "" {
+                 decodedBytes, _ := base64.StdEncoding.DecodeString(string([]byte(b64_body)))
+                _, _ = w.Write(decodedBytes)
+        }
 }
 
 // RegisterRequest is a request for client registration to interactsh server.

diff --git a/pkg/server/http_server_test.go b/pkg/server/http_server_test.go
@@ -37,6 +37,16 @@ func TestWriteResponseFromDynamicRequest(t *testing.T) {
 		body, _ := io.ReadAll(resp.Body)
 		require.Equal(t, "this is example body", string(body), "could not get correct result")
 	})
+
+        t.Run("b64_body", func(t *testing.T) {
+                req := httptest.NewRequest("GET", "http://example.com/?b64_body=dGhpcyBpcyBleGFtcGxlIGJvZHk=", nil)
+                w := httptest.NewRecorder()
+                writeResponseFromDynamicRequest(w, req)
+
+                resp := w.Result()
+                body, _ := io.ReadAll(resp.Body)
+                require.Equal(t, "this is example body", string(body), "could not get correct result")
+        })
 	t.Run("header", func(t *testing.T) {
 		req := httptest.NewRequest("GET", "http://example.com/?header=Key:value&header=Test:Another", nil)
 		w := httptest.NewRecorder()