Nothing Special   »   [go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] Mishandling of whitespace for supplied request headers #1122

Closed
soutzis opened this issue Apr 17, 2024 · 5 comments · Fixed by #1114
Closed

[BUG] Mishandling of whitespace for supplied request headers #1122

soutzis opened this issue Apr 17, 2024 · 5 comments · Fixed by #1114
Labels
bug Something isn't working

Comments

@soutzis
Copy link
soutzis commented Apr 17, 2024

Describe the bug
When manually supplying headers (-H option) for a scan, feroxbuster does not gracefully handle whitespace and will add one (1) additional whitespace character after the Host: prefix.

To Reproduce
Start a scan while supplying the host header with the -H flag. You can capture the request with your proxy server and observe that there will always be n+1 whitespace characters, where n is the amount of whitespace characters supplied by the user.

Expected behavior
Ideally, the excess whitespace should be stripped. When no whitespace is provided, the tool correctly adds a whitespace character and that functionality should be preserved.

Traceback / Error Output
image
The above command shows that 1 space is added after the Host HTTP header, as is normally expected.

image
The screenshot shows (highlighted in red) that an additional whitespace character is added.

Environment (please complete the following information):

  • Feroxbuster 2.10.2 (bug observed in previous versions as well)
  • Windows 11
@soutzis soutzis added the bug Something isn't working label Apr 17, 2024
@epi052
Copy link
Owner
epi052 commented Apr 17, 2024

howdy and thanks for submitting!

is it only the host header?

@soutzis
Copy link
Author
soutzis commented Apr 17, 2024

Just checked, it seems that it's all headers added manually.
image
image

@epi052
Copy link
Owner
epi052 commented Apr 17, 2024

Yea, I jumped the gun asking. It's an easy fix, I'm just trying to set it up to handle this case specifically and still allow for intentional leading whitespace

@epi052 epi052 mentioned this issue Apr 18, 2024
Merged
17 tasks
@epi052
Copy link
Owner
epi052 commented Apr 27, 2024

@all-contributors add @soutzis for bug

@allcontributors allcontributors bot mentioned this issue Apr 27, 2024
Merged
@allcontributors AllContributors
Copy link
Contributor

@epi052

I've put up a pull request to add @soutzis! 🎉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

1105 - improve json logs for post processing epi052/feroxbuster
2 participants
@soutzis @epi052