Merge pull request #80 from projectdiscovery/feature-pipeline

adding http pipeline check

Author: ehsandeep

cmd/httpx/httpx.go

@@ -114,93 +114,94 @@ func main() {
 	scanopts.OutputContentType = options.OutputContentType
 	scanopts.RequestBody = options.RequestBody
 	scanopts.Unsafe = options.Unsafe
+	scanopts.Pipeline = options.Pipeline
 	scanopts.HTTP2Probe = options.HTTP2Probe
 	scanopts.OutputMethod = options.OutputMethod
 	if len(scanopts.Methods) > 0 {
 		scanopts.OutputMethod = true
-	}
-
-	// Try to create output folder if it doesnt exist
-	if options.StoreResponse && !fileutil.FolderExists(options.StoreResponseDir) {
-		if err := os.MkdirAll(options.StoreResponseDir, os.ModePerm); err != nil {
-			gologger.Fatalf("Could not create output directory '%s': %s\n", options.StoreResponseDir, err)
-		}
-	}
-
-	// output routine
-	wgoutput := sizedwaitgroup.New(1)
-	wgoutput.Add()
-	output := make(chan Result)
-	go func(output chan Result) {
-		defer wgoutput.Done()
 
-		var f *os.File
-		if options.Output != "" {
-			var err error
-			f, err = os.Create(options.Output)
-			if err != nil {
-				gologger.Fatalf("Could not create output file '%s': %s\n", options.Output, err)
+		// Try to create output folder if it doesnt exist
+		if options.StoreResponse && !fileutil.FolderExists(options.StoreResponseDir) {
+			if err := os.MkdirAll(options.StoreResponseDir, os.ModePerm); err != nil {
+				gologger.Fatalf("Could not create output directory '%s': %s\n", options.StoreResponseDir, err)
 			}
-			defer f.Close()
 		}
-		for r := range output {
-			if r.err != nil {
-				gologger.Debugf("Failure '%s': %s\n", r.URL, r.err)
-				continue
-			}
 
-			// apply matchers and filters
-			if len(options.filterStatusCode) > 0 && slice.IntSliceContains(options.filterStatusCode, r.StatusCode) {
-				continue
-			}
-			if len(options.filterContentLength) > 0 && slice.IntSliceContains(options.filterContentLength, r.ContentLength) {
-				continue
-			}
-			if len(options.matchStatusCode) > 0 && !slice.IntSliceContains(options.matchStatusCode, r.StatusCode) {
-				continue
+		// output routine
+		wgoutput := sizedwaitgroup.New(1)
+		wgoutput.Add()
+		output := make(chan Result)
+		go func(output chan Result) {
+			defer wgoutput.Done()
+
+			var f *os.File
+			if options.Output != "" {
+				var err error
+				f, err = os.Create(options.Output)
+				if err != nil {
+					gologger.Fatalf("Could not create output file '%s': %s\n", options.Output, err)
+				}
+				defer f.Close()
 			}
-			if len(options.matchContentLength) > 0 && !slice.IntSliceContains(options.matchContentLength, r.ContentLength) {
-				continue
+			for r := range output {
+				if r.err != nil {
+					gologger.Debugf("Failure '%s': %s\n", r.URL, r.err)
+					continue
+				}
+
+				// apply matchers and filters
+				if len(options.filterStatusCode) > 0 && slice.IntSliceContains(options.filterStatusCode, r.StatusCode) {
+					continue
+				}
+				if len(options.filterContentLength) > 0 && slice.IntSliceContains(options.filterContentLength, r.ContentLength) {
+					continue
+				}
+				if len(options.matchStatusCode) > 0 && !slice.IntSliceContains(options.matchStatusCode, r.StatusCode) {
+					continue
+				}
+				if len(options.matchContentLength) > 0 && !slice.IntSliceContains(options.matchContentLength, r.ContentLength) {
+					continue
+				}
+
+				row := r.str
+				if options.JSONOutput {
+					row = r.JSON()
+				}
+
+				gologger.Silentf("%s\n", row)
+				if f != nil {
+					f.WriteString(row + "\n")
+				}
 			}
+		}(output)
 
-			row := r.str
-			if options.JSONOutput {
-				row = r.JSON()
-			}
+		wg := sizedwaitgroup.New(options.Threads)
+		var sc *bufio.Scanner
 
-			gologger.Silentf("%s\n", row)
-			if f != nil {
-				f.WriteString(row + "\n")
+		// check if file has been provided
+		if fileutil.FileExists(options.InputFile) {
+			finput, err := os.Open(options.InputFile)
+			if err != nil {
+				gologger.Fatalf("Could read input file '%s': %s\n", options.InputFile, err)
 			}
+			defer finput.Close()
+			sc = bufio.NewScanner(finput)
+		} else if fileutil.HasStdin() {
+			sc = bufio.NewScanner(os.Stdin)
+		} else {
+			gologger.Fatalf("No input provided")
 		}
-	}(output)
-
-	wg := sizedwaitgroup.New(options.Threads)
-	var sc *bufio.Scanner
 
-	// check if file has been provided
-	if fileutil.FileExists(options.InputFile) {
-		finput, err := os.Open(options.InputFile)
-		if err != nil {
-			gologger.Fatalf("Could read input file '%s': %s\n", options.InputFile, err)
+		for sc.Scan() {
+			process(sc.Text(), &wg, hp, protocol, scanopts, output)
 		}
-		defer finput.Close()
-		sc = bufio.NewScanner(finput)
-	} else if fileutil.HasStdin() {
-		sc = bufio.NewScanner(os.Stdin)
-	} else {
-		gologger.Fatalf("No input provided")
-	}
-
-	for sc.Scan() {
-		process(sc.Text(), &wg, hp, protocol, scanopts, output)
-	}
 
-	wg.Wait()
+		wg.Wait()
 
-	close(output)
+		close(output)
 
-	wgoutput.Wait()
+		wgoutput.Wait()
+	}
 }
 
 func process(t string, wg *sizedwaitgroup.SizedWaitGroup, hp *httpx.HTTPX, protocol string, scanopts scanOptions, output chan Result) {
@@ -310,6 +311,7 @@ type scanOptions struct {
 	OutputContentType      bool
 	RequestBody            string
 	Unsafe                 bool
+	Pipeline               bool
 	HTTP2Probe             bool
 }
 
@@ -459,6 +461,14 @@ retry:
 		builder.WriteString(" [websocket]")
 	}
 
+	pipeline := false
+	if scanopts.Pipeline {
+		pipeline = hp.SupportPipeline(protocol, method, domain, port)
+		if pipeline {
+			builder.WriteString(" [pipeline]")
+		}
+	}
+
 	var http2 bool
 	// if requested probes for http2
 	if scanopts.HTTP2Probe {
@@ -496,6 +506,7 @@ retry:
 		WebSocket:     isWebSocket,
 		TlsData:       resp.TlsData,
 		CspData:       resp.CspData,
+		Pipeline:      pipeline,
 		HTTP2:         http2,
 		Method:        method,
 	}
@@ -518,6 +529,7 @@ type Result struct {
 	ContentType   string         `json:"content-type,omitempty"`
 	TlsData       *httpx.TlsData `json:"tls,omitempty"`
 	CspData       *httpx.CspData `json:"csp,omitempty"`
+	Pipeline      bool           `json:"pipeline,omitempty"`
 	HTTP2         bool           `json:"http2"`
 	Method        string         `json:"method"`
 }
@@ -579,6 +591,7 @@ type Options struct {
 	Unsafe                    bool
 	RequestBody               string
 	Debug                     bool
+	Pipeline                  bool
 	HTTP2Probe                bool
 }
 
@@ -625,6 +638,7 @@ func ParseOptions() *Options {
 	flag.BoolVar(&options.Unsafe, "unsafe", false, "Send raw requests skipping golang normalization")
 	flag.StringVar(&options.RequestBody, "body", "", "Request Body")
 	flag.BoolVar(&options.Debug, "debug", false, "Debug mode")
+	flag.BoolVar(&options.Pipeline, "pipeline", false, "HTTP1.1 Pipeline")
 	flag.BoolVar(&options.HTTP2Probe, "http2", false, "HTTP2 probe")
 	flag.Parse()
 

common/httpx/pipeline.go

@@ -0,0 +1,68 @@
+package httpx
+
+import (
+	"crypto/tls"
+	"fmt"
+	"net"
+	"strings"
+	"time"
+)
+
+// TODO: this code must be rewritten with rawhttp
+
+// SupportPipeline checks if the target host supports HTTP1.1 pipelining by sending x probes
+// and reading back responses expecting at least 2 with HTTP/1.1 or HTTP/1.0
+func (h *HTTPX) SupportPipeline(protocol, method, host string, port int) bool {
+	addr := host
+	if port == 0 {
+		port = 80
+		if protocol == "https" {
+			port = 443
+		}
+	}
+	if port > 0 {
+		addr = fmt.Sprintf("%s:%d", host, port)
+	}
+	// dummy method while awaiting for full rawhttp implementation
+	dummyReq := fmt.Sprintf("%s / HTTP/1.1\nHost: %s\n\n", method, addr)
+	conn, err := pipelineDial(protocol, addr)
+	if err != nil {
+		return false
+	}
+	// send some probes
+	nprobes := 10
+	for i := 0; i < nprobes; i++ {
+		if _, err = conn.Write([]byte(dummyReq)); err != nil {
+			return false
+		}
+	}
+	gotReplies := 0
+	reply := make([]byte, 1024)
+	for i := 0; i < nprobes; i++ {
+		conn.SetReadDeadline(time.Now().Add(1 * time.Second))
+		if _, err := conn.Read(reply); err != nil {
+			break
+		}
+
+		// The check is very naive, but it works most of the times
+		for _, s := range strings.Split(string(reply), "\n\n") {
+			if strings.Contains(s, "HTTP/1.1") || strings.Contains(s, "HTTP/1.0") {
+				gotReplies++
+			}
+		}
+
+	}
+
+	// expect at least 2 replies
+	return gotReplies >= 2
+}
+
+func pipelineDial(protocol, addr string) (net.Conn, error) {
+	// http
+	if protocol == "http" {
+		return net.Dial("tcp", addr)
+	}
+
+	// https
+	return tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true})
+}

go.mod

@@ -10,7 +10,7 @@ require (
 	github.com/miekg/dns v1.1.31
 	github.com/projectdiscovery/gologger v1.0.1
 	github.com/projectdiscovery/mapcidr v0.0.4
-	github.com/projectdiscovery/rawhttp v0.0.0-20200825153041-19146aae6d84
+	github.com/projectdiscovery/rawhttp v0.0.0-20200830154207-1d82476d6442
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
 	github.com/remeh/sizedwaitgroup v1.0.0
 	github.com/rs/xid v1.2.1

go.sum

@@ -24,8 +24,8 @@ github.com/projectdiscovery/gologger v1.0.1 h1:FzoYQZnxz9DCvSi/eg5A6+ET4CQ0CDUs2
 github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE=
 github.com/projectdiscovery/mapcidr v0.0.4 h1:2vBSjkmbQASAcO/m2L/dhdulMVu2y9HdyWOrWYJ74rU=
 github.com/projectdiscovery/mapcidr v0.0.4/go.mod h1:ALOIj6ptkWujNoX8RdQwB2mZ+kAmKuLJBq9T5gR5wG0=
-github.com/projectdiscovery/rawhttp v0.0.0-20200825153041-19146aae6d84 h1:2aO1hZXYAh/UIboBqXyBJ17bHnEWa3y/5rCrIUYqfD0=
-github.com/projectdiscovery/rawhttp v0.0.0-20200825153041-19146aae6d84/go.mod h1:RkML6Yq6hf4z2wAUXisa15al4bS+wuJnlhM5ZOfn9k4=
+github.com/projectdiscovery/rawhttp v0.0.0-20200830154207-1d82476d6442 h1:06LrG4cDuRRCYnjpRUGSyffOwAMV/ZjunEtygPXnfqg=
+github.com/projectdiscovery/rawhttp v0.0.0-20200830154207-1d82476d6442/go.mod h1:RkML6Yq6hf4z2wAUXisa15al4bS+wuJnlhM5ZOfn9k4=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
 github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek=
 github.com/remeh/sizedwaitgroup v1.0.0 h1:VNGGFwNo/R5+MJBf6yrsr110p0m4/OX4S3DCy7Kyl5E=