Skip to content

Fix interactsh decryption#2919

Merged
liquidsec merged 1 commit into
devfrom
interactsh-upgrade-fix
Feb 23, 2026
Merged

Fix interactsh decryption#2919
liquidsec merged 1 commit into
devfrom
interactsh-upgrade-fix

Conversation

@liquidsec

Copy link
Copy Markdown
Collaborator

The public interactsh OAST servers (oast.pro, oast.live, oast.site, oast.online, oast.fun, oast.me) were upgraded to interactsh v1.3.0, which switched the
server-side encryption from AES-CFB to AES-CTR. This broke BBOT's interactsh client — polling returns encrypted data that can't be decrypted with the old CFB mode,
producing garbled bytes and a UnicodeDecodeError

Error polling interact.sh: 'utf-8' codec can't decode byte 0x8d in position 16: invalid start byte

Changes

Updated _decrypt() in bbot/core/helpers/interactsh.py to match the new server-side encryption:

  • AES.MODE_CFB → AES.MODE_CTR with nonce=b"" and initial_value=iv
  • Separate IV from ciphertext before decryption instead of decrypting the whole blob and skipping 16 bytes after
  • Aligns with the official Go client's decryption logic in pkg/client/client.go

References

Interactsh servers upgraded to v1.3.0 which uses AES-CTR encryption
instead of AES-CFB. Update _decrypt() to match.
@github-actions

Copy link
Copy Markdown
Contributor

📊 Performance Benchmark Report

Comparing dev (baseline) vs interactsh-upgrade-fix (current)

📈 Detailed Results (All Benchmarks)

📋 Complete results for all benchmarks - includes both significant and insignificant changes

🧪 Test Name 📏 Base 📏 Current 📈 Change 🎯 Status
Bloom Filter Dns Mutation Tracking Performance 4.20ms 4.23ms +0.7%
Bloom Filter Large Scale Dns Brute Force 17.99ms 18.01ms +0.1%
Large Closest Match Lookup 359.56ms 355.13ms -1.2%
Realistic Closest Match Workload 192.60ms 193.72ms +0.6%
Event Validation Full Scan Startup Small Batch 483.76ms 491.90ms +1.7%
Event Validation Full Scan Startup Large Batch 833.08ms 837.40ms +0.5%
Make Event Autodetection Small 31.55ms 30.97ms -1.8%
Make Event Autodetection Large 317.39ms 316.59ms -0.3%
Make Event Explicit Types 14.07ms 14.09ms +0.1%
Excavate Single Thread Small 4.094s 4.085s -0.2%
Excavate Single Thread Large 10.083s 10.249s +1.6%
Excavate Parallel Tasks Small 4.307s 4.269s -0.9%
Excavate Parallel Tasks Large 7.492s 7.433s -0.8%
Is Ip Performance 3.17ms 3.20ms +0.9%
Make Ip Type Performance 11.57ms 11.50ms -0.6%
Mixed Ip Operations 4.50ms 4.52ms +0.5%
Typical Queue Shuffle 61.61µs 63.49µs +3.1%
Priority Queue Shuffle 692.23µs 710.71µs +2.7%

🎯 Performance Summary

No significant performance changes detected (all changes <10%)


🐍 Python Version 3.11.14

@liquidsec liquidsec merged commit eb548fd into dev Feb 23, 2026
17 checks passed
@codecov

codecov Bot commented Feb 23, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 92%. Comparing base (06d806a) to head (0ad651e).
⚠️ Report is 11 commits behind head on dev.

Additional details and impacted files
@@          Coverage Diff          @@
##             dev   #2919   +/-   ##
=====================================
+ Coverage     92%     92%   +1%     
=====================================
  Files        416     416           
  Lines      34467   34468    +1     
=====================================
+ Hits       31420   31428    +8     
+ Misses      3047    3040    -7     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@liquidsec liquidsec mentioned this pull request Jun 9, 2026
@liquidsec liquidsec deleted the interactsh-upgrade-fix branch June 10, 2026 00:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants