fix(http): interactsh matching with payloads

[dwisiswant0]

Proposed changes

fix(http): interactsh matching with payloads

in parallel execution.

Templates using payloads with Interactsh
matchers failed to detect OAST interactions
because the parallel HTTP execution path (used
when payloads are present) did not register
Interactsh request events, unlike the seq path.

This caused incoming interactions to lack
associated request context, preventing matchers
from running and resulting in missed detections.

Fix #5485 by wiring
(*interactsh.Client).RequestEvent registration
into the parallel worker goroutine, make sure both
execution paths handle Interactsh correlation
equally.

Proof

server.py:

#!/usr/bin/env python3
import http.server
import socketserver
import urllib.request
import urllib.error
import threading
import sys

class Handler(http.server.BaseHTTPRequestHandler):
    def do_GET(self):
        target = self.headers.get("url")
        if target:
            threading.Thread(target=self._fire_and_forget, args=(target,), daemon=True).start()
        self.send_response(200)
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        body = "ok\n"
        if target:
            body = f"triggered: {target}\n"
        self.wfile.write(body.encode("utf-8"))

    def _fire_and_forget(self, url):
        try:
            with urllib.request.urlopen(url, timeout=5) as resp:
                resp.read(1)
        except (urllib.error.URLError, urllib.error.HTTPError, ValueError):
            pass


def main():
    host = "0.0.0.0"
    port = 8000
    if len(sys.argv) > 1:
        try:
            port = int(sys.argv[1])
        except ValueError:
            sys.stderr.write("Invalid port, using 8000\n")
    with socketserver.TCPServer((host, port), Handler) as httpd:
        print(f"Listening on http://{host}:{port}")
        httpd.serve_forever()

if __name__ == "__main__":
    main()

$ ./bin/nuclei -t integration_tests/protocols/http/interactsh-with-payloads.yaml -u http://127.0.0.1:8000 -interactions-poll-duration 1 -silent
[interactsh-with-payloads] [http] [info] http://127.0.0.1:8000/?p=c [p="c"]
[interactsh-with-payloads] [http] [info] http://127.0.0.1:8000/?p=a [p="a"]
[interactsh-with-payloads] [http] [info] http://127.0.0.1:8000/?p=b [p="b"]

Checklist

• Pull request is created against the dev branch
• All checks passed (lint, unit/integration/regression tests etc.) with my changes
• I have added tests that prove my fix is effective or that my feature works
• I have added necessary documentation (if appropriate)

Summary by CodeRabbit

• Tests

  • Added an integration test covering interactsh payload scenarios.

• Bug Fixes

  • Preserve payload values for interact-only interactions to avoid data loss.
  • Improve result-write gating to allow safe retries and reduce missed detections.

• Improvements

  • Deduplicate processed interactions to prevent duplicate work.
  • Coordinate interactsh events in parallel HTTP requests and propagate interim payload metadata for accurate callbacks.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Adds a new integration test for interactsh with payloads, per-request interactsh handling in parallel HTTP execution, deduplicates processed interactions with a cache, preserves payloads for interactsh-only matches, and changes matched-write gating to a CAS-based check.

Changes

Cohort / File(s)	Summary
Integration tests cmd/integration-test/http.go, cmd/integration-test/interactsh.go	Added httpInteractshWithPayloadsRequest and registered protocols/http/interactsh-with-payloads.yaml test case to exercise interactsh behavior when HTTP payloads are used.
Interactsh result handling pkg/protocols/common/interactsh/interactsh.go	Added processedInteractions cache and shouldProcessInteraction deduplication; early-return for duplicates; preserve payloads from InternalEvent["payloads"] when PayloadValues is empty; replace simple lock with CAS gating for writing matched results; add cache cleanup on Close.
Parallel HTTP request flow pkg/protocols/http/request.go	Track and propagate per-task hasInteractMarkers and generatedRequest.meta (as interim payloads); emit Interactsh RequestEvent when interact markers/matchers exist; wrap callbacks and adjust event emission to synchronize interactsh requests with parallel workers.

Sequence Diagram(s)

sequenceDiagram
    participant Generator as RequestGenerator
    participant Worker
    participant HTTP as HTTP Dispatcher
    participant Interactsh
    participant Matcher as Template/Matcher
    participant Results as ResultProcessor

    Generator->>Worker: produce requests (meta/payloads, hasInteractMarkers)
    Worker->>HTTP: dispatch request
    HTTP->>Worker: worker handles response
    alt hasInteractMarkers
        Worker->>Interactsh: emit RequestEvent (urls, metadata, payloads)
    end
    Worker->>Matcher: run template / matchers
    Matcher-->>Results: produce interim event (includes interimEvent["payloads"])
    Results->>Interactsh: process interactions
    Interactsh-->>Results: deliver InternalEvent + OperatorsResults
    Results->>Results: if OperatorsResults.PayloadValues empty -> copy from InternalEvent["payloads"]
    Results->>Results: CAS InteractshMatched false->true => write final result (or reset on failure)

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Poem

🐇 I sniffed the payloads on the breeze,
Emitted pings and hopped with ease,
Saved each payload, neat and sound,
Skipped the echoes running round,
Tests pass — the little rabbit beams.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title 'fix(http): interactsh matching with payloads' directly and clearly summarizes the main bug being fixed: enabling Interactsh OAST matching to work correctly when payloads are used in HTTP templates.
Linked Issues check	✅ Passed	The PR implementation addresses the core objective from issue #5485: it registers Interactsh RequestEvent in the parallel HTTP execution path used when payloads are present, enabling Interactsh interactions to be properly correlated with requests regardless of payload usage.
Out of Scope Changes check	✅ Passed	All code changes are within scope: HTTP payload handling improvements, Interactsh client cache/deduplication logic, and integration tests for the new functionality are all directly related to fixing Interactsh matching with payloads.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@pkg/protocols/common/interactsh/interactsh.go`:
- Around line 172-174: The deduplication key currently built in
shouldProcessInteraction uses fullID + ":" + protocol which causes distinct
events with the same ID/protocol to be dropped; update the key construction in
the shouldProcessInteraction method to append a timestamp discriminator from
interaction.Timestamp (e.g., Unix seconds or milliseconds or formatted string)
so the cache key becomes fullID + ":" + protocol + ":" + interaction.Timestamp
(or its numeric representation), preserving the existing duplicate-suppression
logic while allowing separate interactions with different timestamps to be
processed.

[dwisiswant0]

Do we have a known issue for interactsh in CI? Some related cases seem to be disabled too (and failed for all plats/archs -- tried too), tho this passes locally for me.

Marking this ready for review.