-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(code): do NOT compile single code
protocol w/o request.SelfContained
#5757
base: dev
Are you sure you want to change the base?
fix(code): do NOT compile single code
protocol w/o request.SelfContained
#5757
Conversation
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
…tained` Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io>
Signed-off-by: Dwi Siswanto <git@dw1.io> Co-authored-by: Dogan Can Bakir <dogancanbakir@users.noreply.github.com>
…pile-single-code-protocol-without-self-contained
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
while this is one way to achieve , just confirming if we want to head in this direction cc: @ehsandeep @Mzack9999
i remember that one usecase was that , code protocol can be used to run other exploits that can't be necessarily run with javascript or http
- some exploit in python which uses structs and stuff and would be difficult to achieve it in go
- other such remote exploits that have poc's but can't be run with go but still require input
^ both of these require passing http url as input ( i remember there was one such template as well ).
If we still want to keep these usecases it might be just enough to print a forced warning
like we do when we run code protocol without -code flag
To your concern:
Originally posted by @dwisiswant0 in #5742 IMO, I think code-protocol-based templates should be used for the pre-exploitation stage (like building) or other generative steps. After that, they could switch to other protocols for the actual exploit stage, matching whatever protocol is used on the target. To make this even more effective, we could aim to support similar caps to Python like |
Proposed changes
Fix #5742
TODO:
How has been this tested?
Validate:
Test:
Checklist