Merge pull request #408 from projectdiscovery/bugfix-response-encoding

adding gunzip in response dump
2025-12-22 10:35:26 +00:00 · 2020-11-20 15:12:55 +05:30 · 2020-11-20 15:12:55 +05:30 · 06ccce19be
commit 06ccce19be
parent d14c1c71a3 3739d105f1
2 changed files with 15 additions and 6 deletions
--- a/v2/pkg/executer/executer_http.go
+++ b/v2/pkg/executer/executer_http.go
@ -1,6 +1,7 @@
 package executer

 import (
+	"bytes"
 	"context"
 	"crypto/tls"
 	"fmt"
@ -462,14 +463,14 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,

 	duration := time.Since(timeStart)

+	// Dump response - Step 1 - Decompression not yet handled
+	var dumpedResponse []byte
 	if e.debug {
-		dumpedResponse, dumpErr := httputil.DumpResponse(resp, true)
+		var dumpErr error
+		dumpedResponse, dumpErr = httputil.DumpResponse(resp, true)
 		if dumpErr != nil {
 			return errors.Wrap(dumpErr, "could not dump http response")
 		}
-
-		gologger.Infof("Dumped HTTP response for %s (%s)\n\n", reqURL, e.template.ID)
-		fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse))
 	}

 	data, err := ioutil.ReadAll(resp.Body)
@ -489,11 +490,19 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,

 	// net/http doesn't automatically decompress the response body if an encoding has been specified by the user in the request
 	// so in case we have to manually do it
+	dataOrig := data
 	data, err = requests.HandleDecompression(request, data)
 	if err != nil {
 		return errors.Wrap(err, "could not decompress http body")
 	}

+	// Dump response - step 2 - replace gzip body with deflated one or with itself (NOP operation)
+	if e.debug {
+		dumpedResponse = bytes.ReplaceAll(dumpedResponse, dataOrig, data)
+		gologger.Infof("Dumped HTTP response for %s (%s)\n\n", reqURL, e.template.ID)
+		fmt.Fprintf(os.Stderr, "%s\n", string(dumpedResponse))
+	}
+
 	// if nuclei-project is enabled store the response if not previously done
 	if e.pf != nil && !fromcache {
 		err := e.pf.Set(dumpedRequest, resp, data)
--- a/v2/pkg/requests/util.go
+++ b/v2/pkg/requests/util.go
@ -35,8 +35,8 @@ func HandleDecompression(r *HTTPRequest, bodyOrig []byte) (bodyDec []byte, err e
 		return bodyOrig, nil
 	}

-	encodingHeader := strings.ToLower(r.Request.Header.Get("Accept-Encoding"))
-	if encodingHeader == "gzip" {
+	encodingHeader := strings.TrimSpace(strings.ToLower(r.Request.Header.Get("Accept-Encoding")))
+	if encodingHeader == "gzip" || encodingHeader == "gzip, deflate" {
 		gzipreader, err := gzip.NewReader(bytes.NewReader(bodyOrig))
 		if err != nil {
 			return bodyDec, err