projectdiscovery/interactsh

All requests are not intercepted with the wildcard option

IISometric opened this issue · 0 comments

Interactsh version:

1.1.0

Current Behavior:

When using the wildcard: true option (on the server) and the match: ['.*'] option (on the client), Interactsh does not capture all requests on all domains in the list domain: [<my_domain1>, <my_domain2>, <my_domain3>].

Expected Behavior:

Display all requests regardless of the collaborator domain used.

Steps To Reproduce:

  1. Run the server with the command:
    interactsh-server -config ./server_config.yaml

  2. Run the client with the command:
    interactsh-client -config ./client_config.yaml

  3. Send requests:
    curl http://<my_domain3>/ - interactsh_client prints the DNS request, but doesn't print the HTTP request (DNS cache has been flushed).
    curl http://<my_domain2>/ - interactsh_client doesn't print the DNS/HTTP request (DNS cache has been flushed).
    curl http://<rand_subdomain>.<my_domain1>/test - interactsh_client doesn't print the DNS/HTTP request (DNS cache has been flushed).
    curl http://<rand_subdomain>.<my_domain2>/test - interactsh_client doesn't print the DNS/HTTP request (DNS cache has been flushed).
    curl http://<rand_subdomain>.<my_domain3>/test - interactsh_client prints the DNS/HTTP request (DNS cache has been flushed).
    I think the problem is with the order of the domains in the array. Requests to the last domain (<my_domain3>) are almost always displayed, while requests to the previous ones (<my_domain1>, <my_domain2>) are almost never displayed.

Content of server_config.yaml:
# interactsh-server config file
# generated by https://github.com/projectdiscovery/goflags

# single/multiple configured domain to use for server
domain: [<my_domain1>, <my_domain2>, <my_domain3>]

# public ip address to use for interactsh server
ip: <my_public_ip>

# public ip address to listen on
listen-ip: 0.0.0.0

# number of days to persist interaction data in memory
eviction: 365

# disable periodic data eviction from memory
#no-eviction: true

# enable authentication to server using random generated token
#auth: false

# enable authentication to server using given token
token: <my_connect_token>

# origin url to send in acao header to use web-client)
#acao-url: *

# skip acme registration (certificate checks/handshake + tls protocols will be disabled)
#skip-acme: false

# scan canary token everywhere
#scan-everywhere: true

# length of the correlation id preamble
#correlation-id-length: 3

# length of the correlation id nonce
#correlation-id-nonce-length: 3

# custom certificate path
#cert: 

# custom private key path
#privkey: 

# http header containing origin ip (interactsh behind a reverse proxy)
#origin-ip-header: 

# flag configuration file
config: /app/config/config.yaml

# enable setting up arbitrary response data
#dynamic-resp: true

# custom dns records yaml file for dns server
#custom-records:

# custom index file for http server
http-index: /app/www-root/index.html

# directory with files to serve with http server
http-directory: /app/www-root/

# disk based storage
#disk: true

# disk storage path
#disk-path: /app/storage/

# port to use for dns service
#dns-port: 53

# port to use for http service
#http-port: 80

# port to use for https service
#https-port: 443

# port to use for smtp service
#smtp-port: 25

# port to use for smtps service
#smtps-port: 587

# port to use for smtps autotls service
#smtp-autotls-port: 465

# port to use for ldap service
#ldap-port: 389

# enable ldap server with full logging (authenticated)
#ldap: true

# enable wildcard interaction for interactsh domain (authenticated)
wildcard: true

# start smb agent - impacket and python 3 must be installed (authenticated)
#smb: true

# start responder agent - docker must be installed (authenticated)
#responder: false

# start ftp agent (authenticated)
#ftp: true

# port to use for smb service
#smb-port: 445

# port to use for ftp service
#ftp-port: 21

# ftp directory - temporary if not specified
#ftp-dir:

# show version of the project
version: false

# start interactsh server in debug mode
#debug: true

# enable pprof debugging server
#enable-pprof: false

# run diagnostic check up
#hc: false

# enable metrics endpoint

Content of client_config.yaml:
# interactsh-client config file
# generated by https://github.com/projectdiscovery/goflags

# interactsh server(s) to use
server: [<my_domain1>, <my_domain2>, <my_domain3>]

# flag configuration file
config: /app/config/interactsh-client.yaml

# number of interactsh payload to generate
#number: 1

# authentication token to connect protected interactsh server
token: <my_connect_token>

# poll interval in seconds to pull interaction data
poll-interval: 3

# disable http fallback registration
#no-http-fallback: false

# length of the correlation id preamble
#correlation-id-length: 3

# length of the correlation id nonce
#correlation-id-nonce-length: 3

# store/read from session file
#session-file:

# match interaction based on the specified pattern
match: ['.*']

# filter interaction based on the specified pattern
#filter: []

# display only dns interaction in cli output
#dns-only: false

# display only http interaction in cli output
#http-only: false

# display only smtp interactions in cli output
#smtp-only: false

# output file to write interaction data
#o:

# write output in jsonl(ines) format
json: true

# display verbose interaction
v: true

# show version of the project
#version: false

# run diagnostic check up

Anything else:

Activating the scan-everywhere option on the server does not help solve the problem.
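
Added example (not part of the original report and not project code): a small checker that turns the reproduction above into a per-domain, per-protocol coverage table from the client's JSONL output (json: true, written with the o option). It assumes each record carries the "protocol" and "raw-request" fields; the domain names are placeholders and the sample records are constructed to mirror the reported result.

```python
import json
import re
from collections import Counter

HOST_TOKEN = re.compile(r"[A-Za-z0-9.-]+")

def owning_domain(raw_request, domains):
    """Heuristic: return the configured domain named in the raw request, else None."""
    best = None
    for token in HOST_TOKEN.findall(raw_request):
        host = token.rstrip(".").lower()
        for d in domains:
            # Longest match wins in case one configured domain is a suffix of another.
            if (host == d or host.endswith("." + d)) and (best is None or len(d) > len(best)):
                best = d
    return best

def coverage(jsonl_lines, domains):
    """Count interactions per (domain, protocol) from client JSONL output."""
    seen = Counter()
    for line in jsonl_lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # banner or other non-JSON line
        d = owning_domain(event.get("raw-request", ""), domains)
        if d:
            seen[(d, event.get("protocol", "").lower())] += 1
    return seen

def missing(seen, domains, protocols=("dns", "http")):
    """Expected (domain, protocol) pairs for which no interaction was recorded."""
    return [(d, p) for d in domains for p in protocols if seen[(d, p)] == 0]

# Placeholders standing in for <my_domain1..3>, in server_config.yaml order.
DOMAINS = ["d1.example", "d2.example", "d3.example"]

def _ev(proto, raw):  # builds one constructed JSONL record
    return json.dumps({"protocol": proto, "raw-request": raw})

SAMPLE = [  # constructed: only the last domain shows up, as in the report
    _ev("dns", ";; QUESTION SECTION:\n;d3.example.\tIN\t A\n"),
    _ev("dns", ";; QUESTION SECTION:\n;abc123.d3.example.\tIN\t A\n"),
    _ev("http", "GET /test HTTP/1.1\r\nHost: abc123.d3.example\r\n\r\n"),
]

if __name__ == "__main__":
    seen = coverage(SAMPLE, DOMAINS)
    for d, p in missing(seen, DOMAINS):
        print(f"no {p} interaction recorded for {d}")
```

Running it against the real output file after sending one probe per domain shows at a glance which domains in the list never produce interactions.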