[FEATURE] Support request annotations in unsafe mode #6747
Description
Summary
Request annotations should be supported (or at least handled, gracefully), else is generated requests may be malformed when unsafe is enabled.
Found while reproducing #6350 btw.
Steps to reproduce
Template:
# annotation-unsafe.yaml
id: annotation-unsafe
info:
name: HTTP Annotation with Unsafe Mode
author: dwisiswant0
severity: info
tags: test
http:
- raw:
- |
@Host: honey.scanme.sh
GET /foo HTTP/1.1
Host: {{Hostname}}
unsafe: true
matchers:
- type: word
words:
- "foo"Usage:
$ ./bin/nuclei -u http://scanme.sh -t annotation-unsafe.yaml -debug-req
__ _
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.6.2
projectdiscovery.io
[INF] Current nuclei version: v3.6.2 (unknown) - remove '-duc' flag to enable update checks
[INF] Current nuclei-templates version: v10.3.6 (unknown) - remove '-duc' flag to enable update checks
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 176
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [annotation-unsafe] Dumped HTTP request for http://scanme.sh/foo
@Host: honey.scanme.sh
GET /foo HTTP/1.1
Host: scanme.sh
[INF] Scan completed in 162.088777ms. No results found.