Hangs when encountering a page with a JavaScript alert box

[lappsec]

Describe the bug When Gowitness attempts to screenshot a page that pops up a JS alert box it hangs indefinitely. There are no errors (when using the debug flag) but the scan will never complete and has to be forcefully ended.

To Reproduce I have encountered this on live systems but reproduced it on a local server, so the example domain in my screenshots will not work but you can set up your own and test.

1. On your web server, set up index.html to pop an alert box. For example:
2. Run a normal scan: gowitness scan single -u --screenshot-path /tmp/test -D
3. It will hang and you'll have to Ctrl-C the SOB.
4. Remove the alert from the html and try again, it will work fine.

Expected behavior I'd expect a screenshot or, at the very least, for the timeout to kick in and skip that host. I did try messing with the timeout flag too but it didn't make a difference.

Screenshots The screenshots show the page displaying the alert box in the browser and then running gowitness twice. The first time the JS alert box is present on the page and gowitness has to be stopped. The second run is after it was removed and no JS was on the page.

Version Information:

• OS: Ubuntu 20.04.5 LTS
• gowitness: 3.0.4
• Chromium: 130.0.6723.58 snap

[leonjza]

Thanks for the report. That behaviour implies that the alert box handling is not working as expected for chromedp here, and probably for gorod here too then.