Added interact-url placeholder support to variables in http requests (#…

…2237)

* Added interact-url placeholder support to variables in http requests

* Fixed variable errors

* Fixed issue with interactsh in req

v2/pkg/protocols/common/variables/variables.go

@@ -1,9 +1,12 @@
 package variables
 
 import (
+	"strings"
+
 	"github.com/alecthomas/jsonschema"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/expressions"
 	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/generators"
+	"github.com/projectdiscovery/nuclei/v2/pkg/protocols/common/interactsh"
 	"github.com/projectdiscovery/nuclei/v2/pkg/types"
 	"github.com/projectdiscovery/nuclei/v2/pkg/utils"
 )
@@ -44,6 +47,21 @@ func (variables *Variable) Evaluate(values map[string]interface{}) map[string]in
 	return result
 }
 
+// EvaluateWithInteractsh returns evaluation results of variables with interactsh
+func (variables *Variable) EvaluateWithInteractsh(values map[string]interface{}, interact *interactsh.Client) (map[string]interface{}, []string) {
+	result := make(map[string]interface{}, variables.Len())
+
+	var interactURLs []string
+	variables.ForEach(func(key string, value interface{}) {
+		valueString := types.ToString(value)
+		if strings.Contains(valueString, "interactsh-url") {
+			valueString, interactURLs = interact.ReplaceMarkers(valueString, interactURLs)
+		}
+		result[key] = evaluateVariableValue(valueString, values, result)
+	})
+	return result, interactURLs
+}
+
 // evaluateVariableValue expression and returns final value
 func evaluateVariableValue(expression string, values, processing map[string]interface{}) string {
 	finalMap := generators.MergeMaps(values, processing)

v2/pkg/protocols/common/variables/variables_test.go

@@ -9,8 +9,7 @@ import (
 )
 
 func TestVariablesEvaluate(t *testing.T) {
-	data := `a1: "{{rand_base(5)}}"
-a2: "{{md5(a1)}}"
+	data := `a2: "{{md5('test')}}"
 a3: "this_is_random_text"
 a4: "{{date_time('%Y-%M-%D')}}"
 a5: "{{reverse(hostname)}}"
@@ -22,5 +21,5 @@ a6: "123456"`
 
 	result := variables.Evaluate(map[string]interface{}{"hostname": "google.com"})
 	a4 := time.Now().Format("2006-01-02")
-	require.Equal(t, map[string]interface{}{"a1": "BpLnf", "a2": "531403a4c6a4133e42d0499b5a6ee60f", "a3": "this_is_random_text", "a4": a4, "a5": "moc.elgoog", "a6": "123456"}, result, "could not get correct elements")
+	require.Equal(t, map[string]interface{}{"a2": "098f6bcd4621d373cade4e832627b4f6", "a3": "this_is_random_text", "a4": a4, "a5": "moc.elgoog", "a6": "123456"}, result, "could not get correct elements")
 }

v2/pkg/protocols/http/request.go

@@ -249,7 +249,7 @@ func (request *Request) ExecuteWithResults(reqURL string, dynamicValues, previou
 		// returns two values, error and skip, which skips the execution for the request instance.
 		executeFunc := func(data string, payloads, dynamicValue map[string]interface{}) (bool, error) {
 			hasInteractMatchers := interactsh.HasMatchers(request.CompiledOperators)
-			variablesMap := request.options.Variables.Evaluate(generators.MergeMaps(dynamicValues, payloads))
+			variablesMap, interactURLs := request.options.Variables.EvaluateWithInteractsh(generators.MergeMaps(dynamicValues, payloads), request.options.Interactsh)
 			dynamicValue = generators.MergeMaps(variablesMap, dynamicValue)
 
 			generatedHttpRequest, err := generator.Make(reqURL, data, payloads, dynamicValue)
@@ -260,6 +260,10 @@ func (request *Request) ExecuteWithResults(reqURL string, dynamicValues, previou
 				request.options.Progress.IncrementFailedRequestsBy(int64(generator.Total()))
 				return true, err
 			}
+			// If the variables contain interactsh urls, use them
+			if len(interactURLs) > 0 {
+				generatedHttpRequest.interactshURLs = append(generatedHttpRequest.interactshURLs, interactURLs...)
+			}
 			hasInteractMarkers := interactsh.HasMarkers(data) || len(generatedHttpRequest.interactshURLs) > 0
 			if reqURL == "" {
 				reqURL = generatedHttpRequest.URL()