Learn about using a headless browser with Nuclei
`{{BaseURL}}`, `{{Hostname}}` to customize the request fully.
`code` argument with the JS snippet you want to execute, and it will be run on the page.
`code` property strictly requires a function reference. Direct expressions or values are invalid and will not work. Always use a function.
Incorrect:
`window.random-object` with a value, and you want to match on that value.
`hook` argument. This will always run the provided JavaScript before any of the pages load.
The example provided hooks `window.alert` so that the alerts that are generated by the application do not stop the crawler.
`fullpage: true` option in the args.
`DOMContentLoaded` event, indicating that the HTML has been loaded and parsed, but without waiting for stylesheets, images, and subframes to finish loading.
`1s`).
`alert`, `confirm`, `prompt`, or `onbeforeunload`) to be initialized and then automatically accept it.
`name` property MUST be explicitly defined to ensure the output variable is available for later use by `matchers` or `extractors` within your template. See the example here.
`alert`, `confirm`, `prompt`, or `onbeforeunload`).
`extracted-value` with matchers and extractors.
`keys` argument accepts key-codes.
Note: Only use this for debugging purposes, don’t use this in production templates.
Selector | Description |
---|---|
r / regex | Element matches CSS Selector and Text Matches Regex |
x / xpath | Element matches XPath selector |
js | Return elements from a JS function |
search | Search for a query (can be text, XPATH, CSS) |
selector (default) | Element matches CSS Selector |
`part` values supported by the Headless protocol for Matchers / Extractors are:
Value | Description |
---|---|
request | Headless Request |
<out_names> | Action names with stored values |
raw / body / data | Final DOM response from browser |