Brum3ns / firefly

Black box fuzzer for web applications
401 stars 35 forks source link

panic: runtime error: invalid memory address or nil pointer dereference #5

Closed LyesH4ck closed 1 year ago

LyesH4ck commented 1 year ago

Hello,

Tested on Kali Linux (last update).

└─$ go install -v github.com/Brum3ns/firefly/cmd/firefly@latest                                                                        1 ⨯
go: downloading github.com/Brum3ns/firefly v0.0.0-20230211164014-eb164ddd0dbf
github.com/Brum3ns/firefly/pkg/firefly/types
github.com/Brum3ns/firefly/pkg/functions/globalVariables
github.com/Brum3ns/firefly/pkg/storage
github.com/Brum3ns/firefly/pkg/design
github.com/Brum3ns/firefly/pkg/functions
github.com/Brum3ns/firefly/pkg/output
github.com/Brum3ns/firefly/pkg/firefly/prepare
github.com/Brum3ns/firefly/pkg/firefly/technique
github.com/Brum3ns/firefly/pkg/parse
github.com/Brum3ns/firefly/pkg/runner
github.com/Brum3ns/firefly/cmd/firefly
└─$ ./firefly -u 'https://URL/FUZZ' 

  ___ _          __ _      
 | __(*)_ _ ___ / _| |_  __ 
 | _|| | '_/ -_)  _| | \/ /
 |_| |_|_| \___|_| |_|\, /
                      /_/  

  By: YesWeHack/Brumens          v1.0

[!] Stay ethical. The creator of the tool is not responsible for any misuse or damage.
________________________________________________________________ 

[INF] Grep Wordlist[s] setup in process
[OK] Configuration completed
[INF] Verify target behaviour: 100%
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x38 pc=0x559e6b6a727e]

goroutine 346 [running]:
github_0com_1Brum3ns_1firefly_1pkg_1runner.ReqTemplate
        /home/user/PWN/WEB/firefly/pkg/runner/request.go:116
github_0com_1Brum3ns_1firefly_1pkg_1runner.Request
        /home/user/PWN/WEB/firefly/pkg/runner/request.go:128
created by github_0com_1Brum3ns_1firefly_1pkg_1runner.New
        /home/user/PWN/WEB/firefly/pkg/runner/runner.go:87 +0x4c5
Brum3ns commented 1 year ago

Hey!

Version v1.1 is coming soon with fixes and better start configs, however this is a new one I haven't faced under my tests.

Try the following and see if any of these techniques works:

It's inside the ReqTemplate when it setup the http RAW request which indicate something related to the request setup is failing, I wil check on this and see what I can find!

Regards, Brumens