[BUG] http-race-conditions functionality not working as expected in v3.2.x, v3.3.x #5713

Open
666asd opened this issue Oct 10, 2024 · 0 comments
Labels
Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

666asd commented Oct 10, 2024

Is there an existing issue for this?

  • I have searched the existing issues.

This problem seems to have been solved once. But it reappeared. #3488

Current Behavior

I've written an HTTP server in Python that delays for 2 seconds upon receiving each request.

from http.server import HTTPServer, BaseHTTPRequestHandler, ThreadingHTTPServer
import time

class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        print(f"Handling GET request for {self.path}")
        time.sleep(2)
        self.send_response(200)
        self.send_header('Content-type', 'text/html')
        self.end_headers()
        self.wfile.write(b"Hello, world! This is a delayed response.")

port = 9999
server_address = ('', port)

httpd = ThreadingHTTPServer(server_address, SimpleHTTPRequestHandler)

print(f"Starting server on port {port}...")
httpd.serve_forever()

Create a file "race.yaml" and populate it with the following template:

id: race-condition-testing

info:
  name: Race condition testing with multiple requests
  author: pdteam
  severity: info

requests:
  - raw:  
      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0

      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0

      - |
        GET / HTTP/1.1
        Pragma: no-cache
        Host: {{Hostname}}
        Cache-Control: no-cache, no-transform
        User-Agent: Mozilla/5.0
    threads: 2
    race: true

    matchers:
      - type: status
        status:
          - 200

Run nuclei -duc -t /tmp/race.yaml -u http://127.0.0.1:9999

The request log for the HTTP server is as follows:

[Image: HTTP server request log]

When v2.9.x and v3.1.x are used, the server receives the first two requests at the same time. However, when v3.2.x and v3.3.x are used, the interval between the three requests is 2 seconds.

Expected Behavior

The first two requests should be sent at the same time.

Steps To Reproduce

nuclei -duc -t /tmp/race.yaml -u http://127.0.0.1:9999

Relevant log output

No response

Environment

  • OS: windows/linux
  • Nuclei: v3.2.x v3.3.x
  • Go:

Anything else?

No response

@666asd 666asd added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Oct 10, 2024
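The timing difference described in the report can be checked numerically instead of by reading the server log. The following is an added example, not code from the issue or from the nuclei project: it reuses the delayed-server idea but records arrival timestamps, and a plain Python client stands in for the two sending patterns (released together versus one after another). The names `make_server`, `measure` and `is_serialized`, the 0.3 s delay and the 0.9 tolerance are assumptions made for the example.

```python
import threading
import time
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

def make_server(delay, arrivals):
    """Delayed server as in the report, but recording when each request arrives."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            arrivals.append(time.monotonic())  # timestamp taken before the delay
            time.sleep(delay)
            body = b"delayed"
            self.send_response(200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # silence per-request stderr logging
            pass
    return ThreadingHTTPServer(("127.0.0.1", 0), Handler)  # port 0 = ephemeral

def measure(concurrent, n=2, delay=0.3):
    """Send n GETs together or one by one; return gaps between arrivals (seconds)."""
    arrivals = []
    httpd = make_server(delay, arrivals)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{httpd.server_address[1]}/"
    gate = threading.Barrier(n)
    def fetch():
        if concurrent:
            gate.wait()  # hold every sender until all n are ready
        urllib.request.urlopen(url, timeout=10).read()
    workers = [threading.Thread(target=fetch) for _ in range(n)]
    for w in workers:
        w.start()
        if not concurrent:
            w.join()  # sequential: wait for the response before the next send
    for w in workers:
        w.join()
    httpd.shutdown()
    httpd.server_close()
    times = sorted(arrivals)
    return [b - a for a, b in zip(times, times[1:])]

def is_serialized(gaps, delay, tolerance=0.9):
    """True when each request arrived only after the previous response delay."""
    return bool(gaps) and min(gaps) >= tolerance * delay

if __name__ == "__main__":
    for mode in (True, False):
        gaps = measure(mode)
        print("together" if mode else "one by one", [round(g, 3) for g in gaps],
              "serialized" if is_serialized(gaps, 0.3) else "overlapping")
```

To check a scanner build instead of the stand-in client, keep a server from `make_server` running, point the scanner at its port, and pass the recorded gaps to `is_serialized`.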