search

projectdiscovery / nuclei

Fast and customizable vulnerability scanner based on simple YAML based DSL.
https://docs.projectdiscovery.io/tools/nuclei
MIT License
20.17k stars 2.47k forks source link

[FEATURE] Detailed http responses in javascript code templates debug mode #5662

Open KGorbakon opened 1 week ago

KGorbakon commented 1 week ago

Describe your feature request

Current http responses are not visible entirely, so it's impossible to debug javascripte code templates. image

There should be an option to view them entirely as it works in raw http tempates debug mode.

Describe the use case of the feature

The template creator is testing the template. If there was no match when testing the template on a vulnerable stand, the creator launches nuclei with the debug option, and the system displays http requests and responses in their entirety.

Describe alternatives you've considered

  1. If i start nuclei with options -sresp/-srd all request/response should be stored entirely. How it looks now: image

  2. Javascript code templates might be intercepted with option -p (-proxy).

Additional context

Tested on template:

javascript:
  - code: |   
      let m = require('nuclei/net');
      let address=Host+':'+Port;
      let conn;
      conn = m.OpenTLS('tcp', address)
      conn.Send('GET / HTTP/1.1\r\nHost:'+Host+'\r\nConnection: close\r\n\r\n');
      conn.RecvString();

    args:
      Host: "{{Host}}"
      Port: "443"

Nuclei Engine Version: v3.3.1

GeorginaReeder commented 1 week ago

Thanks so much for this feature request @KGorbakon , we'll take a look into it!