Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Issue] httpx v1.0.6 does not process protocl://host:port value in stdin #277

Closed
osamahamad opened this issue May 17, 2021 · 3 comments · Fixed by #282, #286 or #287
Closed

[Issue] httpx v1.0.6 does not process protocl://host:port value in stdin #277

osamahamad opened this issue May 17, 2021 · 3 comments · Fixed by #282, #286 or #287
Assignees
@Mzack9999
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
v1.0.7

Comments

@osamahamad
Copy link

Sometimes httpx is not only for probing hosts and checking ports, it is nice to see that some of features can be used instead of building another tools from scratch to do the same job.

For example using -match-string flag on a list of URLs to check for specific string in response:

Stdin example:

https://example.com
http://example.com
http://example.com/good/
http://example.com/goo/bad?url=<h1>asdasd</h1>
.
.

Will go through, but when stdin have something like protocol + port number , i.e: http://example:80/good/bad?url=<h1>asdasd</h1>

It seems on my side that this will not be processed and the request will not sent to http://example:80/good/bad?url=<h1>asdasd</h1>

Example:
qsreplace simply change parameter values in a list of URLs: https://github.com/tomnomnom/qsreplace

gau testphp.vulnweb.com | grep '=' | qsreplace '"><h1>asdasd</h1>' | while read host;do curl -s --path-as-is -k -L "$host" | grep -qs "<h1>asdasd</h1>" && echo "$host" ;done

Will return ( Ignoring other 5 URLs ) :

http://testphp.vulnweb.com:80/hpp/?pp=%22%3E%3Ch1%3Easdasd%3C%2Fh1%3E

As it seems it sent a request to the last URL , found a string , print it.

But in

gau testphp.vulnweb.com | grep '=' | qsreplace '"><h1>asdasd</h1>' > 1.test

cat 1.test | httpx --follow-redirects -match-string "<h1>asdasd</h1>"

Supposed to return the same result of the above curl command, It miss the mentioned URL that have protocol specified.

http://testphp.vulnweb.com:80/hpp/?pp=%22%3E%3Ch1%3Easdasd%3C%2Fh1%3E

The expected behavior is to send request to http://testphp.vulnweb.com:80/hpp/?pp=%22%3E%3Ch1%3Easdasd%3C%2Fh1%3E like the other URLs in stdin and print the URL if the specified string in response found or simply just treating http://testphp.vulnweb.com:80 same as http://testphp.vulnweb.com or testphp.vulnweb.com since last two will be processed without problems.

I did not test it on other than port 80 but if my assumption is true then it will miss the other URLs like http://example.com:8000 ..etc.
@ehsandeep
Copy link
Member

@osamahamad looks this is a bug introduced in the last release of httpx v1.0.6 and related to #276

Working as expected with the previous version, for example, with httpx v1.0.5

echo 'http://testphp.vulnweb.com:80/hpp/?pp=%22%3E%3Ch1%3Easdasd%3C%2Fh1%3E' | httpx

    __    __  __       _  __
   / /_  / /_/ /_____ | |/ /
  / __ \/ __/ __/ __ \|   /
 / / / / /_/ /_/ /_/ /   |
/_/ /_/\__/\__/ .___/_/|_|
             /_/              v1.0.5

		projectdiscovery.io

Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
http://testphp.vulnweb.com:80/hpp/?pp=%22%3E%3Ch1%3Easdasd%3C%2Fh1%3E

@ehsandeep ehsandeep changed the title Issue: httpx does not process protocl://host:port value in stdin [Issue] httpx does not process protocl://host:port value in stdin May 17, 2021
@ehsandeep ehsandeep added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label May 17, 2021
@ehsandeep ehsandeep changed the title [Issue] httpx does not process protocl://host:port value in stdin [Issue] httpx v1.0.6 does not process protocl://host:port value in stdin May 17, 2021
@ehsandeep ehsandeep added Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Available No one has claimed responsibility for resolving this issue labels May 17, 2021
This was referenced May 17, 2021
Closed
Closed
@ehsandeep ehsandeep self-assigned this May 22, 2021
@ehsandeep ehsandeep added this to the v1.0.7 milestone May 22, 2021
@ehsandeep ehsandeep assigned Mzack9999 and unassigned ehsandeep May 22, 2021
@ehsandeep ehsandeep mentioned this issue May 23, 2021
Merged
@Mzack9999 Mzack9999 linked a pull request May 23, 2021 that will close this issue
Fixing full URL parsing #282
Merged
@ehsandeep
Copy link
Member

This is now fixed in #282

@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Available No one has claimed responsibility for resolving this issue labels May 25, 2021
@ehsandeep ehsandeep linked a pull request May 26, 2021 that will close this issue
v1.0.7 Release #286
Merged
@ehsandeep
Copy link
Member

@osamahamad thanks for reporting, this is now supported in the latest release of httpx v1.0.7

@Mzack9999 Mzack9999 linked a pull request May 26, 2021 that will close this issue
Fixing fallback logic #287
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
v1.0.7
3 participants
@ehsandeep @Mzack9999 @osamahamad