Nuclei disconnecting early when pinging to Interactsh URL (HTTP) #6631

@dwisiswant0

Nuclei disconnecting early when pinging to Interactsh URL (HTTP).

Template:

id: ping-server

info:
  name: ping-server
  author: ping-server
  severity: critical
  description: ping-server
  tags: test,ssrf

http:
  - method: GET
    path:
      - "{{BaseURL}}/?url=http://{{interactsh-url}}"
    matchers-condition: and
    matchers:
      - type: word
        part: interactsh_protocol
        words:
          - "dns"
          - "http"

Server:

#!/usr/bin/env python3

"""
Simple HTTP server that sends GET requests to URLs provided as parameters.
"""

from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs
import urllib.request
import json
import time

class RequestHandler(BaseHTTPRequestHandler):
    def handle_one_request(self):
        print(f"[{time.time()}] handle_one_request started")
        super().handle_one_request()
        print(f"[{time.time()}] handle_one_request finished")

    def do_GET(self):
        start_time = time.time()
        print(f"[{start_time:.3f}] do_GET called for path: {self.path}")
        parsed_path = urlparse(self.path)
        query_params = parse_qs(parsed_path.query)
        if 'url' not in query_params:
            self.send_response(400)
            self.send_header('Content-type', 'application/json')
            self.end_headers()
            response = {
                'error': 'Missing required parameter: url',
                'usage': 'Send GET request to /?url=<target_url>'
            }
            self.wfile.write(json.dumps(response, indent=2).encode())
            return
        
        target_url = query_params['url'][0]
        print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] Processing {target_url}")
        
        try:
            print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] About to call urlopen")
            with urllib.request.urlopen(target_url, timeout=10) as response:
                print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] urlopen finished")
                status_code = response.status
                content = response.read().decode('utf-8')
                headers = dict(response.headers)
            
            print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] Sending response headers")
            self.send_response(200)
            self.send_header('Content-type', 'application/json')
            self.end_headers()
            
            result = {
                'success': True,
                'target_url': target_url,
                'status_code': status_code,
                'headers': headers,
                'content': content[:500] + '...' if len(content) > 500 else content
            }
            print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] About to write response body")
            self.wfile.write(json.dumps(result, indent=2).encode())
            print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] Response completed successfully")
            
        except Exception as e:
            print(f"[{time.time():.3f}] [{time.time() - start_time:.3f}s] Exception occurred: {e}")
            self.send_response(500)
            self.send_header('Content-type', 'application/json')
            self.end_headers()
            error_response = {
                'success': False,
                'target_url': target_url,
                'error': str(e)
            }
            self.wfile.write(json.dumps(error_response, indent=2).encode())

def run_server(port=1231):
    server_address = ('', port)
    httpd = HTTPServer(server_address, RequestHandler)
    print(f'Starting server on port {port}...')
    print(f'Usage: http://localhost:{port}/?url=<target_url>')
    print(f'Example: http://localhost:{port}/?url=https://api.github.com/')
    httpd.serve_forever()

if __name__ == '__main__':
    run_server()

Steps to Reproduce

$ ./bin/nuclei -duc -u http://localhost:1231 -t ping-server.yaml -debug -timeout 10

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.6.0

		projectdiscovery.io

[INF] Current nuclei version: v3.6.0 (unknown) - remove '-duc' flag to enable update checks
[INF] Current nuclei-templates version: v10.3.5 (unknown) - remove '-duc' flag to enable update checks
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 57
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.site
[INF] [ping-server] Dumped HTTP request for http://localhost:1231/?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site

GET /?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site HTTP/1.1
Host: localhost:1231
User-Agent: Mozilla/5.0 (Ubuntu; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/141.0.0.0 Safari/537.36
Connection: close
Accept: */*
Accept-Language: en
Accept-Encoding: gzip

[WRN] [ping-server] Could not execute request for http://localhost:1231: cause="context deadline exceeded (Client.Timeout exceeded while awaiting headers)" chain="got err while executing http://localhost:1231/?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site"
[INF] Scan completed in 25.47126368s. No results found.

Server logs:

[1765107144.8031025] handle_one_request started
[1765107169.8682203] handle_one_request finished
[1765107169.8688383] handle_one_request started
[1765107169.870] do_GET called for path: /?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site
[1765107169.870] [0.000s] Processing http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site
[1765107169.870] [0.000s] About to call urlopen
[1765107169.969] [0.100s] urlopen finished
[1765107169.969] [0.100s] Sending response headers
127.0.0.1 - - [07/Dec/2025 18:32:49] "GET /?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site HTTP/1.1" 200 -
[1765107169.970] [0.100s] About to write response body
[1765107169.970] [0.100s] Exception occurred: [Errno 32] Broken pipe
127.0.0.1 - - [07/Dec/2025 18:32:49] "GET /?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site HTTP/1.1" 500 -
----------------------------------------
Exception occurred during processing of request from ('127.0.0.1', 55076)
Traceback (most recent call last):
  File "/tmp/server.py", line 59, in do_GET
    self.wfile.write(json.dumps(result, indent=2).encode())
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 845, in write
    self._sock.sendall(b)
    ~~~~~~~~~~~~~~~~~~^^^
BrokenPipeError: [Errno 32] Broken pipe

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 318, in _handle_request_noblock
    self.process_request(request, client_address)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 349, in process_request
    self.finish_request(request, client_address)
    ~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 362, in finish_request
    self.RequestHandlerClass(request, client_address, self)
    ~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 766, in __init__
    self.handle()
    ~~~~~~~~~~~^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/http/server.py", line 485, in handle
    self.handle_one_request()
    ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/tmp/server.py", line 16, in handle_one_request
    super().handle_one_request()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/http/server.py", line 473, in handle_one_request
    method()
    ~~~~~~^^
  File "/tmp/server.py", line 66, in do_GET
    self.end_headers()
    ~~~~~~~~~~~~~~~~^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/http/server.py", line 587, in end_headers
    self.flush_headers()
    ~~~~~~~~~~~~~~~~~~^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/http/server.py", line 591, in flush_headers
    self.wfile.write(b"".join(self._headers_buffer))
    ~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/home/linuxbrew/.linuxbrew/Cellar/python@3.14/3.14.0/lib/python3.14/socketserver.py", line 845, in write
    self._sock.sendall(b)
    ~~~~~~~~~~~~~~~~~~^^^
BrokenPipeError: [Errno 32] Broken pipe
----------------------------------------

UPDATE:

It succeeds with an IP as the target:

$ ./bin/nuclei -duc -u http://127.0.0.1:1231 -t ping-server.yaml -timeout 10

                     __     _
   ____  __  _______/ /__  (_)
  / __ \/ / / / ___/ / _ \/ /
 / / / / /_/ / /__/ /  __/ /
/_/ /_/\__,_/\___/_/\___/_/   v3.6.0

		projectdiscovery.io

[INF] Current nuclei version: v3.6.0 (unknown) - remove '-duc' flag to enable update checks
[INF] Current nuclei-templates version: v10.3.5 (unknown) - remove '-duc' flag to enable update checks
[INF] New templates added in latest release: 57
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] Using Interactsh Server: oast.live
[ping-server] [http] [critical] http://127.0.0.1:1231/?url=http://d4qmcittl7ql9o5f0g40riht9fddoja83.oast.live
[INF] Scan completed in 5.447514541s. 1 matches found.

Server logs:

[1765107275.5995228] handle_one_request started
[1765107275.600] do_GET called for path: /?url=http://d4qmcittl7ql9o5f0g40riht9fddoja83.oast.live
[1765107275.600] [0.000s] Processing http://d4qmcittl7ql9o5f0g40riht9fddoja83.oast.live
[1765107275.600] [0.000s] About to call urlopen
[1765107275.673] [0.073s] urlopen finished
[1765107275.673] [0.073s] Sending response headers
127.0.0.1 - - [07/Dec/2025 18:34:35] "GET /?url=http://d4qmcittl7ql9o5f0g40riht9fddoja83.oast.live HTTP/1.1" 200 -
[1765107275.673] [0.073s] About to write response body
[1765107275.673] [0.073s] Response completed successfully
[1765107275.6732538] handle_one_request finished

Additional context

Slack thread: /archives/C09FG4BPS7Q/p1760947003207529
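
Added example (not part of the original issue or of Nuclei's code): a small parser for the timestamped lines the reproduction server prints. It groups them per `handle_one_request` call and flags handlers that stayed open longer than the client's `-timeout 10` without ever reaching `do_GET`. The function names are hypothetical; the sample log is copied from the failing run above.

```python
import re

# Timestamped lines copied from the failing run's server log on this page
# (access-log and traceback lines left out).
SAMPLE_LOG = """\
[1765107144.8031025] handle_one_request started
[1765107169.8682203] handle_one_request finished
[1765107169.8688383] handle_one_request started
[1765107169.870] do_GET called for path: /?url=http://d4qmbi5tl7qkhsvcpgm08xn7kwfq4473m.oast.site
[1765107169.870] [0.000s] About to call urlopen
[1765107169.969] [0.100s] urlopen finished
[1765107169.970] [0.100s] About to write response body
[1765107169.970] [0.100s] Exception occurred: [Errno 32] Broken pipe
"""

# "[epoch] message" with an optional "[0.100s] " elapsed field in between.
LINE = re.compile(r"^\[(\d+\.\d+)\] (?:\[\d+\.\d+s\] )?(.*)$")

def handler_spans(log_text):
    """Return one record per handle_one_request call found in the log."""
    spans, cur = [], None
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not one of the server's timestamped lines
        ts, msg = float(m.group(1)), m.group(2)
        if msg == "handle_one_request started":
            cur = {"start": ts, "last": ts, "saw_request": False, "error": None}
            spans.append(cur)
            continue
        if cur is None:
            continue
        cur["last"] = ts  # latest timestamp seen inside this handler
        if msg.startswith("do_GET called"):
            cur["saw_request"] = True
        elif msg.startswith("Exception occurred: "):
            cur["error"] = msg.split(": ", 1)[1]
    return spans

def idle_handlers(spans, client_timeout):
    """Handlers that outlived the client timeout without reaching do_GET."""
    return [s for s in spans
            if not s["saw_request"] and s["last"] - s["start"] > client_timeout]

if __name__ == "__main__":
    spans = handler_spans(SAMPLE_LOG)
    for s in idle_handlers(spans, client_timeout=10):  # -timeout 10 from the issue
        print(f"handler open {s['last'] - s['start']:.3f}s without a request")
    for s in spans:
        if s["error"]:
            print(f"request reached do_GET but failed: {s['error']}")
```

On the failing run's log this reports one handler that stayed open for about 25.065 s without receiving a request, followed by a request that reached `do_GET` and failed with `[Errno 32] Broken pipe`.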
