Closed savushkin-yauheni closed 2 years ago
Thank you @savushkin-yauheni for reporting this, I can reproduce this behavior.
I'm also affected by this bug.
@savushkin-yauheni @gaby Thanks for reporting the issue. I'm trying to reproduce the behavior to implement a fix, but any target is correctly prefixed with http, and the one from the example provided is unresponsive. Were you able to reproduce this with any other target? Also, would it be possible to share one (if it's private, feel free to jump on our discord channel and share via DM)? Thanks!
Hi @Mzack9999 I will find the similar target tomorrow. Thank you!
Hi again @Mzack9999
nuclei -target http://cgi6.training.apple.com -t technologies/tech-detect.yaml -json
nuclei -target http://mfi.apple.com -t technologies/tech-detect.yaml -json
nuclei -target http://cgi6.training.apple.com -t technologies/tech-detect.yaml -silent -json | jq -r .host
training.apple.com
nuclei -target https://www.apple.com -t technologies/tech-detect.yaml -json -silent | jq -r .host
https://www.apple.com
@Mzack9999 looks like this is an issue with the host involving redirects. cgi6.training.apple.com redirects to training.apple.com, which returns a custom host header within the response that overwrites at https://github.com/projectdiscovery/nuclei/blob/a6b15f948dcb81e02dfe7df5754a38cef904eaa5/v2/pkg/protocols/http/operators.go#L102 the legitimate one set at https://github.com/projectdiscovery/nuclei/blob/a6b15f948dcb81e02dfe7df5754a38cef904eaa5/v2/pkg/protocols/http/operators.go#L90
The issue here is that the current implementation implies a potential overlap between the response header name and existing map keys, leading to their values being overwritten. To keep compatibility, a possible approach would be to use an alternative syntax when this happens, for example naming the response headers as:
header_name => resp_header_name
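The key collision described in the comment above, reproduced as an added Go example (not nuclei's own code). The names `buildEvent`, `normalize` and `reservedKeys`, the key-normalization scheme and the sample header values are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"strings"
)

// reservedKeys: keys the engine sets itself (assumed set for this example).
var reservedKeys = map[string]bool{"host": true}

// normalize lowercases a header name and swaps dashes (assumed key scheme).
func normalize(name string) string {
	return strings.ReplaceAll(strings.ToLower(name), "-", "_")
}

// buildEvent stores the target under "host", then copies response headers into
// the same flat map. With namespaced=false a "Host" response header overwrites
// the target; with namespaced=true a colliding header is stored as resp_<name>.
func buildEvent(target string, resp http.Header, namespaced bool) map[string]interface{} {
	data := map[string]interface{}{"host": target}
	for name, values := range resp {
		key := normalize(name)
		if namespaced && reservedKeys[key] {
			key = "resp_" + key
		}
		data[key] = strings.Join(values, " ")
	}
	return data
}

// sampleResponse is constructed input: a server that returns its own Host header.
func sampleResponse() http.Header {
	h := http.Header{}
	h.Set("Host", "training.apple.com")
	h.Set("Content-Type", "text/html")
	return h
}

func main() {
	target := "http://cgi6.training.apple.com"
	fmt.Println("flat host:      ", buildEvent(target, sampleResponse(), false)["host"])
	safe := buildEvent(target, sampleResponse(), true)
	fmt.Println("namespaced host:", safe["host"], "resp_host:", safe["resp_host"])
}
```

Because the overwritten value comes from the server's response, anything downstream that keys on `.host` in the JSON output is trusting target-controlled data until the keys are separated.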
Hi team!
Nuclei version
Describe the bug
It looks strange, but I tried a lot of domains, and it seems that it happened only with apple.com domains O_o
But anyway, I think it's a bug.
Thanks.