External/nuclei
1
0
Fork 0
mirror of https://github.com/projectdiscovery/nuclei.git synced 2025-12-22 12:05:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #408 from projectdiscovery/bugfix-response-encoding

Browse Source 
adding gunzip in response dump
This commit is contained in:
bauthard 2020-11-20 15:12:55 +05:30 committed by GitHub
commit 06ccce19be
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
v2/pkg/executer/executer_http.go
View File

@ -1,6 +1,7 @@
package executer package executer
import ( import (
"bytes"
"context" "context"
"crypto/tls" "crypto/tls"
"fmt" "fmt"
@ -462,14 +463,14 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
duration := time.Since(timeStart) duration := time.Since(timeStart)
// Dump response - Step 1 - Decompression not yet handled
var dumpedResponse []byte
if e.debug { if e.debug {
dumpedResponse, dumpErr := httputil.DumpResponse(resp, true) var dumpErr error
dumpedResponse, dumpErr = httputil.DumpResponse(resp, true)
if dumpErr != nil { if dumpErr != nil {
return errors.Wrap(dumpErr, "could not dump http response") return errors.Wrap(dumpErr, "could not dump http response")
} }
gologger.Infof("Dumped HTTP response for %s (%s)\n\n", reqURL, e.template.ID)
fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse))
} }
data, err := ioutil.ReadAll(resp.Body) data, err := ioutil.ReadAll(resp.Body)
@ -489,11 +490,19 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
// net/http doesn't automatically decompress the response body if an encoding has been specified by the user in the request // net/http doesn't automatically decompress the response body if an encoding has been specified by the user in the request
// so in case we have to manually do it // so in case we have to manually do it
dataOrig := data
data, err = requests.HandleDecompression(request, data) data, err = requests.HandleDecompression(request, data)
if err != nil { if err != nil {
return errors.Wrap(err, "could not decompress http body") return errors.Wrap(err, "could not decompress http body")
} }
// Dump response - step 2 - replace gzip body with deflated one or with itself (NOP operation)
if e.debug {
dumpedResponse = bytes.ReplaceAll(dumpedResponse, dataOrig, data)
gologger.Infof("Dumped HTTP response for %s (%s)\n\n", reqURL, e.template.ID)
fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse))
}
// if nuclei-project is enabled store the response if not previously done // if nuclei-project is enabled store the response if not previously done
if e.pf != nil && !fromcache { if e.pf != nil && !fromcache {
err := e.pf.Set(dumpedRequest, resp, data) err := e.pf.Set(dumpedRequest, resp, data)

4
v2/pkg/requests/util.go
View File

@ -35,8 +35,8 @@ func HandleDecompression(r *HTTPRequest, bodyOrig []byte) (bodyDec []byte, err e
return bodyOrig, nil return bodyOrig, nil
} }
encodingHeader := strings.ToLower(r.Request.Header.Get("Accept-Encoding")) encodingHeader := strings.TrimSpace(strings.ToLower(r.Request.Header.Get("Accept-Encoding")))
if encodingHeader == "gzip" { if encodingHeader == "gzip" || encodingHeader == "gzip, deflate" {
gzipreader, err := gzip.NewReader(bytes.NewReader(bodyOrig)) gzipreader, err := gzip.NewReader(bytes.NewReader(bodyOrig))
if err != nil { if err != nil {
return bodyDec, err return bodyDec, err