The certificate update randomly fails due to delays/issues in the TXT record propagation containing the challenge:

# ./interactsh-server -domain abcd.efg -ip xxx.xxx.xxx.xxx -listen-ip xxx.xxx.xxx.xxx
2021/12/15 14:24:28 Creating new order for domains: [*.abcd.efg abcd.efg]
2021/12/15 14:24:28 Order created: https://acme-v02.api.letsencrypt.org/acme/order/123456789/123456789
2021/12/15 14:24:28 Fetching authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/123456789
2021/12/15 14:24:28 Fetched authorization: abcd.efg
2021/12/15 14:28:28 Updating challenge for authorization abcd.efg: https://acme-v02.api.letsencrypt.org/acme/chall-v3/123456789/123456789
2021/12/15 14:28:59 An error occurred while applying for an certificate, error: could not generate new certs: error updating authorization abcd.efg challenge: acme: error code 400 "urn:ietf:params:acme:error:dns": During secondary validation: DNS problem: query timed out looking up TXT for _abcd.efg
2021/12/15 14:28:59 Could not generate certs for auto TLS, https will be disabled
2021/12/15 14:28:59 Listening on DNS, SMTP and HTTP ports


$ dig abcd.efg txt # from another box

; <<>> DiG 9.16.1-Ubuntu <<>> hackwithautomation.com txt
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15605
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;abcd.efg.		IN	TXT

;; ANSWER SECTION:
abcd.efg.	0	IN	TXT	""

;; Query time: 8 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Wed Dec 15 13:32:01 UTC 2021
;; MSG SIZE  rcvd: 107

Hi, Following the instructions I set up my own Interactsh server, however after starting it, I can't connect to it with the interactsh client.

Server running :

Attempt to connect with the client :

And I think my DNS configuration is good because if I run a custom DNS that I wrote in Ruby, it responds well to queries

Regards

Version: 0.0.7 Go version: 1.17.5 linux/amd64 Hello guys, the issue I'm having is trying to connect the client to my server. I execute the command: interactsh-client -server https://example.com

The server returns:

[FTL] Could not create client: could not make register request: POST https://example.com/register giving up after 6 attempts: Post "https://example.com/register": dial tcp server_ip
:443: connect: connection refused

I also tried http://example.com with the same response. And I also tried the web client with custom server pointing to example.com with no success.

My server is running on an Oracle VM. My domain in registered on Namecheap. I configured it with custom nameservers (ns1 and ns2 both pointing to server_ip, which is the VM's IP). I am running BIND9 on it to act as nameserver. If I enable nginx on my VM I can access it using http://example.com. If I run nslookup ubuntu.com example.com from my Windows PC I get the correct response. I start my server with this command: interactsh-server -domain example.com

The response I get leads me to believe it is running correctly:

2021/12/26 21:06:20 Creating new order for domains: [*.example.com example.com]
2021/12/26 21:06:21 Order created: https://acme-v02.api.letsencrypt.org/acme/orde                                                                                       r/337280xxx/5038xxxxxxx
2021/12/26 21:06:21 Fetching authorization: https://acme-v02.api.letsencrypt.org/                                                                                       acme/authz-v3/6226815xxxx
2021/12/26 21:06:21 Fetched authorization: example.com
2021/12/26 21:06:31 Updating challenge for authorization example.com: https://acme-v02.api.letsencrypt.org/acme/chall-v3/6226815xxxx/Wnqorg
2021/12/26 21:06:33 Listening on DNS, SMTP and HTTP ports

I tried shutting down my firewall to see if it was interfering in some way with the command sudo iptables -F. I also made sure ports 53, 80 and 443 were open for TCP packets on the VM configuration.

Even so, I am getting connection refused.

Hi team,

I have created a DO Debain Droplet and installed a Floating IP added the configuration as said under the self hosted instance guide. Can anyone please help?

Example of ldap interaction:

$ ldapsearch -LLL -H ldap://127.0.0.1:10389 -d 5 -o ldif-wrap=no -b "OU=testgroup,OU=Group,dc=example,dc=com" -D "test" -w "test" '(CN=testgroup)' cn

interactsh-server:

$ sudo go run . -ldap -debug -listen-ip 127.0.0.1 -ip 127.0.0.1
2021/12/13 12:25:48 Client Token: xxxx
2021/12/13 12:25:49 Listening on ports: DNS, SMTP, HTTP, LDAP
[DBG] LDAP Interaction: 
{"protocol":"ldap","unique-id":"","full-id":"","raw-request":"Listening on 127.0.0.1:10389\n","remote-address":"","timestamp":"2021-12-13T12:25:49.528108+01:00"}
[DBG] Registered correlationID xxx for key
[DBG] LDAP Interaction: 
{"protocol":"ldap","unique-id":"","full-id":"","raw-request":"Connection client [1] from 127.0.0.1:60991 accepted","remote-address":"","timestamp":"2021-12-13T12:26:02.724619+01:00"}
[DBG] LDAP Interaction: 
{"protocol":"ldap","unique-id":"","full-id":"","raw-request":"\u003c\u003c\u003c 1 - BindRequest - hex=\u0026{303c0201016037020103042b7569643d7365617263682d757365722c6f753d50656f706c652c64633d6578616d706c652c64633d636f6d80057465737461}","remote-address":"","timestamp":"2021-12-13T12:26:02.725405+01:00"}
[DBG] LDAP Interaction: 
{"protocol":"ldap","unique-id":"","full-id":"","raw-request":"\u003e\u003e\u003e 1 - LDAPResult - hex=302f020101302a0a0135040004234f7065726174696f6e206e6f7420696d706c656d656e74656420627920736572766572","remote-address":"","timestamp":"2021-12-13T12:26:02.725526+01:00"}

When I run the command interactsh-server -domain mydomain.com -hostmaster [email protected] -ip [VPS IP]. The following output is given without any errors:

2021/05/01 08:45:17 Creating new order for domains: [*.mydomain.com mydomain.com]
2021/05/01 08:45:17 Order created: https://acme-v02.api.letsencrypt.org/acme/order/121967319/9409571122
2021/05/01 08:45:17 Fetching authorization: https://acme-v02.api.letsencrypt.org/acme/authz-v3/12762297545
2021/05/01 08:45:17 Fetched authorization: mydomain.com
2021/05/01 08:45:27 Updating challenge for authorization mydomain.com: https://acme-v02.api.letsencrypt.org/acme/chall-v3/12762297545/FkqiUg

But the server is not giving A records when queried. I already had a letsencrypt cert but even after I deleted the cert nothing changed the same output is given

We are trying to setup interactsh-server. But we are hitting this below error. We have already tried to setup this on ubuntu. Since Debian is recommended, we were trying there. But there also we are hitting the same issue.

-03:/tmp/root# ./interactsh-server -d interactshserver.prancer.cloud

    _       __                       __       __
   (_)___  / /____  _________ ______/ /______/ /_
  / / __ \/ __/ _ \/ ___/ __ '/ ___/ __/ ___/ __ \
 / / / / / /_/  __/ /  / /_/ / /__/ /_(__  ) / / /
/_/_/ /_/\__/\___/_/   \__,_/\___/\__/____/_/ /_/ 1.0.6

                projectdiscovery.io

[INF] Public IP: 137.135.78.15
[INF] Outbound IP: 10.0.0.4
[INF] Requesting SSL Certificate for:  [*.interactshserver.prancer.cloud, interactshserver.prancer.cloud]
[ERR] An error occurred while applying for a certificate, error: [*.interactshserver.prancer.cloud] Obtain: [*.interactshserver.prancer.cloud] solving challenges: waiting for solver certmagic.solverWrapper to be ready: timed out waiting for record to fully propagate; verify DNS provider configuration is correct - last error: <nil> (order=https://acme-v02.api.letsencrypt.org/acme/order/658683696/112438748756) (ca=https://acme-v02.api.letsencrypt.org/directory)
[ERR] Could not generate certs for auto TLS, https will be disabled
[INF] Listening with the following services:
[LDAP] Listening on TCP 10.0.0.4:389
[HTTPS] Listening on TCP 10.0.0.4:443
[DNS] Listening on TCP 10.0.0.4:53
[SMTPS] Listening on TCP 10.0.0.4:587
[DNS] Listening on UDP 10.0.0.4:53
[HTTP] Listening on TCP 10.0.0.4:80
[SMTP] Listening on TCP 10.0.0.4:25
[ERR] Could not serve http on tls: open : no such file or directory

This commit fixes three issues:

• Previously if a "listen IP" wasn't specified the public IP looked up from a "what is my IP" API was used. In many cases cloud VMs do not have their "public" IP bound to an interface (such as Amazon EC2), causing startup to fail:

  $ ./interactsh-server -domain example.com
  [FTL] Could not listen for udp DNS on 203.0.113.42:53 (listen udp 203.0.113.42:53: bind: cannot assign requested address)
  

  This has been changed to bind to an appropriate wildcard address, which should work in almost all cases.

• The default wildcard listen address has been changed to :<port number>, which will cause the socket to pick a suitable wildcard address depending on whether the machine is dual stack or IPv4-only. This further supports upcoming work to add IPv6 support.

• IPv6 literals may now be passed to "-listen-ip" without needing to wrap them in [].

Hi, I'm using Nuclei, interact and notify to spot OOB requests, however the webhook is spamming me with this

Could a IP filter argument be added so they're not passed through into STDOUT?

Maybe it is not very necessary, but if it would be something interesting, a client for burpsuite (community), it is necessary to take into account that it would be an extra maintenance, no wonder they reject the idea. but still I comment

Hello and thank you for this awesome tool, it will surely come in handy during our testing.

The current behavior of interactsh is to create a randomized subdomain like c282n3l3djgbti5v595gcnenzdoyyyyyn.domain.tld, which is fine and all, however, we have a pretty nice 4 x 2 domain and we feel that smaller payloads are the best, so could you allow the use of the base domain and/or customized sub-domains for self-hosted servers in addition to the randomized subdomains?

Edited to ask for customized sub-domains option as well. 👍🏻

Bumps github.com/projectdiscovery/retryablehttp-go from 1.0.7 to 1.0.8.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps github.com/projectdiscovery/retryabledns from 1.0.18 to 1.0.19.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps github.com/projectdiscovery/gologger from 1.1.5 to 1.1.7.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Description

This PR adds asn info related to the remote address origin of the interaction. The enrichment happens client side to avoid further pressure and resource consumption on the server.

{"protocol":"http","unique-id":"xxx","full-id":"xxx","raw-request":"GET / HTTP/1.1\r\nHost: xxx.oast.me\r\nAccept: */*\r\nUser-Agent: curl/7.81.0\r\n\r\n","raw-response":"HTTP/1.1 200 OK\r\nConnection: close\r\nContent-Type: text/html; charset=utf-8\r\nServer: oast.me\r\nX-Interactsh-Version: 1.0.7\r\n\r\n\u003chtml\u003e\u003chead\u003e\u003c/head\u003e\u003cbody\u003e84wb1ttcnycp7gg9a33sv82t33g448rec\u003c/body\u003e\u003c/html\u003e","remote-address":"xxx.xxx.xxx.xxx","timestamp":"2023-01-05T07:54:04.72192316Z","asninfo":[{"asn":"ASxxxx","country":"xx","first-ip":"xxx.xxx.xxx.0","last-ip":"xxx.xxx.xxx.255","org":"ASN-xxxx"}]}

The info is available in JSON format; I don't know if it should be printed by default to stdout.

Please describe your feature request:

New option to support:

-ne, -no-eviction int       disable periodic data eviction from memory

README.md for interactsh-server says:

-e, -eviction int       number of days to persist interaction data in memory (default 30)

There should be a way to specify an infinite eviction (i.e. disable the purging of sessions and interaction data)

Describe the use case of this feature:

Someone with a self-hosted interactsh-server may want to do very long-running polling of a session. For example:

• Day 0 - create an interactsh session and do a very long poll against it using interactsh-client, e.g. piped to notify
• Day 1 - use the session to generate canary hostnames. Use those hostnames e.g. in a blind time-delayed SSRF or blind XSS scenario
• Day 100 - have the hostname be accessed by a victim, receive notification of this event

With the default eviction of 30 days, my understanding is that the long-running interactsh-client started on day 0 will silently stop receiving events after 30 days. The interactsh-client will stay connected and will keep polling, will not get any errors, but will not receive events.

Alternative solution:

A user of interactsh-server can do -e 999999 to get an essentially infinite eviction time :) but this is not very clean

Risks

There might be an accidental or malicious DoS risk to an interactsh-server that is configured to never evict sessions

See also

Discussion re: this issue at https://discord.com/channels/695645237418131507/837760016822829147/1050207078393856020