ignis-sec / puff

Clientside vulnerability / reflected xss fuzzer

Chrome path #2

Closed ghost closed 4 years ago

ghost commented 4 years ago

Hi, is it possible you could show me how you have your chrome path listed, as I'm not able to get it to work? I'm guessing it's an error I'm making. Thanks

ghost commented 4 years ago

It's stating: "Could not resolve the directory in the config.json file."

ignis-sec commented 4 years ago

Hello! Turns out I broke the damn thing for some users during a hasty update yesterday, and I'm working on the fix. I've pushed a fix to the development branch just a few minutes ago, and I'll push it to the master GitHub branch soon.

Sorry about that! It'll be fixed in 30 minutes at most!

ghost commented 4 years ago

Thanks @FlameOfIgnis

ignis-sec commented 4 years ago

I've fixed the issue, set the default to the chromium installed by npm and puppeteer, and tested the setup on both a user-supplied chromium path and the npm-installed chromium path. Everything seems to be fine right now.

You can update via npm, or git clone now.

Feel free to re-open the issue if there is still trouble!

ghost commented 4 years ago

Thanks dude,

I'm getting the following:

if(config.chromium_path.includes('*')) chromium_path = glob.sync(config.chromium_path, {})[0];
                        ^

TypeError: Cannot read property 'includes' of undefined
    at Object.<anonymous> (/Users/user1/puff/puff.js:333:25)

ignis-sec commented 4 years ago

Well, I'll need to add a better error message for that one!

It means you did not install chromium during the npm install, and have to set your own chromium path via puff -c "path/to/chromium", or reinstall with npm install and without setting the PUPPETEER_SKIP_CHROMIUM_DOWNLOAD flag.

Please let me know if it works.

Cheers,

ghost commented 4 years ago

@FlameOfIgnis So I reinstalled and did as you said and it worked :D...... Then I stopped it and then ran it again and sadly got the error message again :(

ignis-sec commented 4 years ago

Hmmm, I'm unable to reproduce the issue.

1) Which OS are you running it with?
2) Did you install it via npm install -g, or via git clone?

Can you try to do puff -c default? That should also output the old value in the config. I'm certain puff -c default will solve the issue for you, but I'd also appreciate it if you could tell me the output from that command, which will help me take a deeper look at this issue.

So it looks like I've set a dirty solution for this issue, and even though it passed my testing it looks like it's causing some problems.

I've added the following block in the last update:

var chromium_path;

//resolve chromium path
if(config.chromium_path.includes('*')) chromium_path = glob.sync(config.chromium_path, {})[0];
else chromium_path = config.chromium_path;
if(chromium_path=='default'){//resolve default path
    config.chromium_path = glob.sync(path.join(__dirname, "node_modules/puppeteer/.local-chromium/*/*/chrome.exe"))[0]

    chromium_path=config.chromium_path

    fs.writeFileSync(path.join(__dirname,'/config.json'), JSON.stringify(config), 'utf8');
}

Briefly:

if(config.chromium_path.includes('*')) chromium_path = glob.sync(config.chromium_path, {})[0];

So if the path contains wildcards, it's going to resolve it and get the first match.

if(chromium_path=='default'){//resolve default path
   config.chromium_path = glob.sync(path.join(__dirname, "node_modules/puppeteer/.local-chromium/*/*/chrome.exe"))[0]

If chromium_path is set as default, set it to the local chromium installation inside puppeteer module and resolve the wildcards in path, save first match.

if(config.chromium_path.includes('*')) chromium_path = glob.sync(config.chromium_path, {})[0];
                        ^

TypeError: Cannot read property 'includes' of undefined
    at Object.<anonymous> (/Users/user1/puff/puff.js:333:25)

This error means your config.json file either went missing or there was an issue with first resolution and it emptied out the config file.

ghost commented 4 years ago

So I'm using OSX Catalina @FlameOfIgnis

I used the following:

git clone https://github.com/FlameOfIgnis/puff
cd puff
sudo npm install

I got the following:

puff -c default
Chrome path changing from 'default' to 'default'
Wordlist and url are required parameters.

I then ran and it works fine but as soon as I quit it's emptying my config.json :-/

ignis-sec commented 4 years ago

I'll take a look and make sure this issue is solved as soon as possible, but I can't test it on OSX, so I can't give a timetable.

Until it is fixed, you can do a hacky solution and alias it so it adds -c default to all the calls. So; puff -> puff -c default

I'll let you know if I find the cause of the issue and solve it

cheers!

ghost commented 4 years ago

Thanks dude :), I'll try it on my ubuntu machine also

ghost commented 4 years ago

So adding puff -c default to every call works :)

ignis-sec commented 4 years ago

Tomorrow I'll just make it default to the same path if chromium_path is not found in the config file, which will solve this issue.

I'm still not entirely sure what is causing that behaviour, which makes me think it will come back eventually.

I'll close this issue after tomorrow's update, but do feel free to reopen if you encounter any problems after that.

ignis-sec commented 4 years ago

So I've asked my friend to test this on OSX and he is having the same trouble. I'll still do the default patch I was planning shortly, which will solve the issue for you.

However, this might cause OSX users who are supplying their own chromium path to suffer a drawback - I'm not entirely sure if this issue would be resetting their chromium_path too.

Thanks for notifying me about the issue, cheers!
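
The following added example (not puff's code and not written by anyone in the thread) replays the quoted block with an injected `globSync` stand-in to show one way it can empty config.json: when the `chrome.exe` pattern matches nothing, `[0]` is `undefined` and `JSON.stringify` omits the key, so the next run throws the `includes` TypeError. `legacyResolve`, `safeResolve`, `globSync`, `noMatch` and `oneMatch` are hypothetical names, and `safeResolve` is a sketch of the fallback discussed above, assuming a missing key should be treated as `default`.

```javascript
// Added example, not puff's code. `globSync` is an injected stand-in (assumption)
// so this runs without the glob package or a Chromium install.
const DEFAULT_PATTERN = 'node_modules/puppeteer/.local-chromium/*/*/chrome.exe';

// Same logic as the block quoted in the thread; returns the text it would
// write to config.json instead of touching the disk.
function legacyResolve(config, globSync) {
  let chromiumPath = config.chromium_path.includes('*')
    ? globSync(config.chromium_path)[0]
    : config.chromium_path;
  let written = null;
  if (chromiumPath === 'default') {
    config.chromium_path = globSync(DEFAULT_PATTERN)[0]; // undefined if no match
    chromiumPath = config.chromium_path;
    written = JSON.stringify(config); // keys holding undefined are omitted
  }
  return { chromiumPath, written };
}

// Defensive sketch: a missing key is treated as 'default', and nothing is
// written back unless resolution produced a real path.
function safeResolve(config, globSync) {
  const configured = typeof config.chromium_path === 'string' && config.chromium_path
    ? config.chromium_path
    : 'default';
  const pattern = configured === 'default' ? DEFAULT_PATTERN : configured;
  const resolved = pattern.includes('*') ? globSync(pattern)[0] : pattern;
  if (typeof resolved !== 'string') {
    throw new Error(`No Chromium matched "${pattern}"; set one with puff -c "path/to/chromium"`);
  }
  const written = configured === 'default'
    ? JSON.stringify({ ...config, chromium_path: resolved })
    : null;
  return { chromiumPath: resolved, written };
}

// Constructed inputs: a machine where the chrome.exe pattern matches nothing,
// and one where it matches a single (made-up) file.
const noMatch = () => [];
const oneMatch = () => ['/opt/puff/node_modules/puppeteer/.local-chromium/win64-0/chrome-win/chrome.exe'];

const firstRun = legacyResolve({ chromium_path: 'default' }, noMatch);
console.log(firstRun.written); // config.json content after the first run
```

Passing the real `glob.sync` as `globSync` exercises the same paths against an actual install.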