[BUG] Nuclei can't set headers in DAST fuzzing templates #5983
Description
Is there an existing issue for this?
- I have searched the existing issues.
Current Behavior
can't set headers in DAST fuzzing templates.
Expected Behavior
can set custom headers in DAST fuzzing templates.
Steps To Reproduce
nuclei -dast -t simple-fuzzing-test.yaml -u http://127.0.0.1/?id=1 -debug-req
id: simple-fuzzing-test
info:
name: Simple Fuzzing Test
author: test
severity: high
http:
- method: GET
path:
- "{{BaseURL}}/test?id=1"
headers:
test: abc
User-Agent: ua
fuzzing:
- part: query
type: replace
keys:
- id
fuzz:
- 1
- 2
matchers:
- type: status
status:
- 200
Relevant log output
____ __ _______/ /__ (_)
/ __ \/ / / / ___/ / _ \/ /
/ / / / /_/ / /__/ / __/ /
/_/ /_/\__,_/\___/_/\___/_/ v3.3.8
projectdiscovery.io
[WRN] The concurrency value is higher than max-host-error
[INF] Adjusting max-host-error to the concurrency value: 50
[INF] Current nuclei version: v3.3.8 (outdated)
[INF] Current nuclei-templates version: v9.6.8 (outdated)
[WRN] Scan results upload to cloud is disabled.
[INF] New templates added in latest release: 11
[INF] Templates loaded for current scan: 1
[WRN] Loading 1 unsigned templates for scan. Use with caution.
[INF] Targets loaded for current scan: 1
[INF] [simple-fuzzing-test] Dumped HTTP request for http://127.0.0.1/?id=1
GET /?id=1 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.17 (KHTML, like Gecko) Version/17.3.75 Safari/616.17
Accept-Encoding: gzip
[INF] [simple-fuzzing-test] Dumped HTTP request for http://127.0.0.1/?id=2
GET /?id=2 HTTP/1.1
Host: 127.0.0.1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11) AppleWebKit/616.17 (KHTML, like Gecko) Version/17.3.75 Safari/616.17
Accept-Encoding: gzip
[INF] No results found. Better luck next time!
[0:00:00] | Templates: 1 | Hosts: 1 | RPS: 7 | Matched: 0 | Errors: 2 | Requests: 2/1 (200%)Environment
- OS: mac os
- Nuclei: 3.3.8Anything else?
No response