projectdiscovery / nuclei

Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.88k stars 2.52k forks

Burp receives no data after setting pipeline: true #5494

Open xk-mt opened 3 months ago

xk-mt commented 3 months ago

After setting pipeline: true in the YAML file and adding -p http://127.0.0.1:8080 when running nuclei, Burp shows no request data.

C:\Users\17569\Desktop\nuclei-poc\nacos>nuclei -u http://127.0.0.1:202/ -p http://127.0.0.1:8080 -debug -v -vv -t 1.yaml

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.3.0

                projectdiscovery.io

[VER] Using http://127.0.0.1:8080 as proxy server
[VER] Started metrics server at localhost:9092
[WRN] Found 30 template[s] loaded with deprecated paths, update before v3 for continued support.
[INF] Current nuclei version: v3.3.0 (latest)
[INF] Current nuclei-templates version: v9.9.2 (latest)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 67
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[cs] cs (@cs) [critical]
[INF] [cs] Dumped HTTP request for http://127.0.0.1:202/

GET /1.php HTTP/1.1
Host: 127.0.0.1:202
User-Agent: Mozilla/5.0 (Knoppix; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[VER] [cs] Sent HTTP request to http://127.0.0.1:202/
[DBG] [cs] Dumped HTTP response http://127.0.0.1:202/

HTTP/0.0 400 Bad Request
Content-Length: 150
Connection: close
Content-Type: text/html
Date: Tue, 06 Aug 2024 09:03:47 GMT
Server: nginx

<html>
<head><title>400 Bad Request</title></head>
<body>
<center><h1>400 Bad Request</h1></center>
<hr><center>nginx</center>
</body>
</html>
[INF] No results found. Better luck next time!

id: cs

info:
  name: cs
  author: cs
  severity: critical
  tags: cs

http:
  - method: GET
    path:
      - "{{BaseURL}}/1.php"

    pipeline: true

    matchers:
      - type: status
        status:
          - 200

dogancanbakir commented 3 months ago

translation:
title: Setting pipeline: true prevents burp from fetching data.
desc: Set pipeline: true in yaml file, add -p http://127.0.0.1:8080 to execute nuclei, burp no request data

zrquan commented 3 months ago

It seems that the pipeline feature is based on the rawhttp, which does not support http proxy.

xk-mt commented 3 months ago

Thanks for the explanation. (Thank you very much.)

pipeline bool

Pipeline defines if the attack should be performed with HTTP 1.1 Pipelining. All requests must be idempotent (GET/POST). This can be used for race conditions/billions requests.
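
An added illustration, not part of the original thread and not nuclei's own code: the Go program below shows the general mechanism behind the explanation given above. A client that dials the target and writes pipelined requests on its own connection never consults a proxy setting, so only a request sent through a proxy-aware `net/http` client reaches the proxy. The names `pipelined` and `Demo` are hypothetical, and both servers are constructed locally (a target and a request-counting stand-in for Burp).

```go
package main

import (
	"bufio"
	"fmt"
	"io"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
	"sync/atomic"
)

// pipelined dials addr itself and writes n GETs before reading any reply; no proxy is consulted.
func pipelined(addr string, n int) (replies int, err error) {
	conn, err := net.Dial("tcp", addr)
	if err != nil {
		return 0, err
	}
	defer conn.Close()
	io.WriteString(conn, strings.Repeat("GET /1.php HTTP/1.1\r\nHost: "+addr+"\r\n\r\n", n))
	for br := bufio.NewReader(conn); replies < n; replies++ {
		resp, err := http.ReadResponse(br, nil)
		if err != nil {
			return replies, err
		}
		io.Copy(io.Discard, resp.Body) // drain so the next reply can be parsed
		resp.Body.Close()
	}
	return replies, nil
}

// Demo uses constructed local servers: a target and a request-counting stand-in for Burp.
func Demo() (proxySeen int32, replies int) {
	var seen atomic.Int32
	target := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {}))
	proxy := httptest.NewServer(http.HandlerFunc(func(http.ResponseWriter, *http.Request) { seen.Add(1) }))
	defer target.Close()
	defer proxy.Close()
	pu, _ := url.Parse(proxy.URL)
	c := &http.Client{Transport: &http.Transport{Proxy: http.ProxyURL(pu)}}
	if resp, err := c.Get(target.URL + "/1.php"); err == nil {
		resp.Body.Close() // proxy-aware client: this request is delivered to the proxy
	}
	replies, _ = pipelined(target.Listener.Addr().String(), 3) // raw connection: straight to the target
	return seen.Load(), replies
}
func main() { fmt.Println(Demo()) }
```

Running it shows the proxy stand-in counting one request while three pipelined replies arrive directly from the target, which matches the empty proxy history reported in the issue.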