-mdc and -fdc options do not work.
Nzoth9 opened this issue
Hi, I'm using the following options. -mdc 'status_code == 200' -fdc "contains(body, 'refresh')"
The expected result is ignored if the response code is not 200 or the refresh string is contained within the content being responded to, but it doesn't work. (katana version is v1.0.4)
Have a great day!
Thanks for opening the issue. I tried with scanme.sh and it's working:
The response we get for each request:
cat katana_response/scanme.sh/15c54a7d479109d03421bebc2860bcf1a4b0a342.txt
https://scanme.sh
GET / HTTP/1.1
Host: scanme.sh
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Accept-Encoding: gzip
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Fri, 12 Jan 2024 12:16:47 GMT
ok
Status code and body are matched, so it's filtered out by -fdc:
$ go run . -u scanme.sh -mdc 'status_code == 200' -fdc 'contains(body, "ok")' -silent
Status code is matched but body is not matched, so it's not filtered out by -fdc:
$ go run . -u scanme.sh -mdc 'status_code == 200' -fdc 'contains(body, "dummy")' -silent
https://scanme.sh
Let us know if you have further questions!
Hello, @glaucocustodio! First of all, thanks for the reply <3
I ran katana with the command below, but it will be detected.
katana -d 10 -ef "png,js,css,svg,jpg" -headless -no-incognito -u https://www.domain.com -mdc "status_code == 200" -fdc "contains(body, 'refresh')"
__ __
/ /_____ _/ /____ ____ ___ _
/ '_/ _ / __/ _ / _ \/ _ /
/_/\_\\_,_/\__/\_,_/_//_/\_,_/
projectdiscovery.io
[INF] Current katana version v1.0.4 (outdated)
[INF] Started headless crawling for => https://www.domain.com
https://www.domain.com/a
The proxy request/response for the /a path is shown below.
GET /a HTTP/2
Host: www.domain.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: ko-KR,ko;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate, br
Dnt: 1
Sec-Gpc: 1
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
Te: trailers
HTTP/2 200 OK
Content-Type: text/html
Last-Modified: Mon, 07 Dec 2020 03:44:46 GMT
Accept-Ranges: bytes
Etag: "0b2a4e4bccd61:0"
Server: Microsoft-IIS/10.0
X-Powered-By: ASP.NET
Access-Control-Allow-Origin: *
Date: Tue, 16 Jan 2024 06:46:37 GMT
Content-Length: 102
<html>
<head>
<meta http-equiv="refresh" content="0; url=/index.asp"></meta>
</head>
</html>
Am I missing something?
- I just tested it after removing the --headless option, and the -fdc option seems to be working fine. If I add it back, it still detects the /a path. If I use --headless, will the -fdc option be ignored?
- If I remove --headless and add -jc, katana again detects the /a path.
In my case, above, it works both with -headless and without it. Can you please provide the exact repro steps? You can always DM us on Discord if you're uncomfortable sharing them here - target, for example.
Thanks for the reply, @dogancanbakir! I've sent you a private message on Discord, please check it when you're not busy.
The given URL wasn't reachable; I couldn't test it.