go1.19 std h1/h2 native unsafe http #112
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Mzack9999
added
the
Type: Enhancement
tarunKoyalwar
requested changes
May 19, 2023
Member
tarunKoyalwar
left a comment
tarunKoyalwar
left a comment
There was a problem hiding this comment.
was able to test h1 example provided at example/httpclient/h1/main.go
$ go run .
[*] standard request
------------------------------
[+] Request:
GET /standard HTTP/1.1
Host: scanme.sh
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
[+] Response:
HTTP/1.1 200 OK
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Fri, 19 May 2023 12:20:23 GMT
ok
[*] request with invalid header:
------------------------------
[+] Request:
GET /invalid-header HTTP/1.1
Host: scanme.sh
User-Agent: Go-http-client/1.1
test test: test
Accept-Encoding: gzip
[+] Response:
HTTP/1.1 400 Bad Request: invalid header name
Connection: close
Content-Type: text/plain; charset=utf-8
400 Bad Request: invalid header name
[*] request with unescaped path
------------------------------
[+] Request:
GET /?bar=;&baz=foobar&abc&xyz=&ikj=n;m "'@ HTTP/1.1
Host: scanme.sh
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
[+] Response:
HTTP/1.1 400 Bad Request
Connection: close
Content-Type: text/plain; charset=utf-8
400 Bad Request
[*] request with proxy (burp/proxify must be listening on port 8080)
------------------------------
[+] Request:
GET / HTTP/1.1
Host: scanme.sh
User-Agent: Go-http-client/1.1
Accept-Encoding: gzip
[+] Response:
HTTP/1.1 200 OK
Connection: close
Content-Length: 2
Content-Type: text/plain; charset=utf-8
Date: Fri, 19 May 2023 12:20:23 GMT
ok- example provided in h2/main.go does not seems to work
Suggesting Changes / Discussion
- since we are forking go stdlib we should update existing directory structure to make it more easy to read/review and maintain as well as to update based on any upstream changes
suggesting changing existing directory structure to
fork/crypto
fork/internal
fork/net
fork/README.md
fork/Notes.md
fork/metadata [if any]
^ seems necessary to provide proper/easy distinction b/w packages
by doing this we are sure all fork packages are available at /fork and we can implement some kind of diff to track any changes with std lib
-
Since we have forked stdlib packages i think it is necessary to make proper distinction b/w what fields / functions were added/updated. we could do this by following a naming convention such as
Custom_xxxorFork_xxxthat would provide proper distinction b/w newly added fields/functions . currently we are not following any convention so it is extremely difficult to find/validate changes (ref:)Lines 328 to 338 in 90440a1
-
we could also add unit tests for h1/main.go and h2/main.go
Comment on lines
+1
to
+47
| package main | ||
|
|
||
| import ( | ||
| "log" | ||
| "net" | ||
| "strings" | ||
|
|
||
| "github.com/projectdiscovery/rawhttp/crypto/tls" | ||
| "github.com/projectdiscovery/rawhttp/example/httpclient" | ||
|
|
||
| // normal | ||
| // "net/http" | ||
| // "golang.org/x/net/http2" | ||
| // weaponized | ||
| "github.com/projectdiscovery/rawhttp/net/http" | ||
| "github.com/projectdiscovery/rawhttp/net/http2" | ||
| ) | ||
|
|
||
| func main() { | ||
| log.SetFlags(0) | ||
| client := http.Client{ | ||
| Transport: &http2.Transport{ | ||
| AllowHTTP: true, | ||
| DialTLS: func(network, addr string, cfg *tls.Config) (net.Conn, error) { | ||
| return net.Dial(network, addr) | ||
| }, | ||
| }, | ||
| } | ||
|
|
||
| log.Println("[*] Malformed Header") | ||
| req, err := http.NewRequest("GET", "http://localhost:8000", nil) | ||
| if err != nil { | ||
| log.Fatal(err) | ||
| } | ||
| // some malformed header | ||
| req.Header.Add("TeSt ", "test") | ||
| req.Header["Test"] = []string{"test"} | ||
|
|
||
| _, err = httpclient.SendAndDump(&client, req) | ||
| if err != nil { | ||
| log.Printf("[Client] error: %s\n", err) | ||
| } | ||
|
|
||
| log.Println("[*] H2.CL desync") | ||
| // https://youtu.be/gAnDUoq1NzQ?t=672 - H2.CL desync | ||
| payload := "abcdGET /n HTTP/1.1\r\nHost: 02.rs?localhost\r\nFoo: bar" | ||
| req1, err := http.NewRequest(http.MethodPost, "http://localhost:8000/n", strings.NewReader(payload)) |
Member
There was a problem hiding this comment.
@Mzack9999 h2 seems to be not working at all . does this require any special setup i tried it with simplehttpserver but couldn't get it to work
$ (rawhttp/example/httpclient/h2) go run .
[*] Malformed Header
[Client] error: Get "http://localhost:8000": invalid HTTP header name "TeSt "
[*] H2.CL desync
[Client] error: Post "http://localhost:8000/n": unexpected EOF
[*] H2.TE desync
[Client] error: Post "http://localhost:8000/identify/XUI": read tcp [::1]:50913->[::1]:8000: read: connection reset by peer
[*] H2.TE via request header injection
[Client] error: Get "http://localhost:8000": invalid HTTP header name "TeSt "
[*] H2.TE via request splitting
[Client] error: Get "http://localhost:8000/": read tcp [::1]:50914->[::1]:8000: read: connection reset by peer
[*] H2.TE via request line injection
[Client] error: Get "http://localhost:8000/ignored": read tcp [::1]:50915->[::1]:8000: read: connection reset by peer
[*] Header name splitting
[Client] error: Post "http://localhost:8000/": read tcp [::1]:50916->[::1]:8000: read: connection reset by peer
[*] Fake path
[Client] error: Post "http://localhost:8000/": read tcp [::1]:50917->[::1]:8000: read: connection reset by peer
$ simplehttpserver
_____ _ __ __ __________________
/ ___/(_)___ ___ ____ / /__ / / / /_ __/_ __/ __ \________ ______ _____ _____
\__ \/ / __ -__ \/ __ \/ / _ \/ /_/ / / / / / / /_/ / ___/ _ \/ ___/ | / / _ \/ ___/
___/ / / / / / / / /_/ / / __/ __ / / / / / / ____(__ ) __/ / | |/ / __/ /
/____/_/_/ /_/ /_/ .___/_/\___/_/ /_/ /_/ /_/ /_/ /____/\___/_/ |___/\___/_/
/_/ - v0.0.5
projectdiscovery.io
Use with caution. You are responsible for your actions
Developers assume no liability and are not responsible for any misuse or damage.
Serving /Users/tarun/Codebase/rawhttp/example/httpclient/h2 on http://0.0.0.0:8000/
[2023-05-19 17:48:30] [::1]:50912 "PRI * HTTP/2.0" 405 10
[2023-05-19 17:48:30] [::1]:50913 "PRI * HTTP/2.0" 405 10
[2023-05-19 17:48:30] [::1]:50914 "PRI * HTTP/2.0" 405 10
[2023-05-19 17:48:30] [::1]:50915 "PRI * HTTP/2.0" 405 10
[2023-05-19 17:48:30] [::1]:50916 "PRI * HTTP/2.0" 405 10
[2023-05-19 17:48:30] [::1]:50917 "PRI * HTTP/2.0" 405 10
This was referenced Jun 14, 2023
|
@Mzack9999 when this pr be merged any timeline? |
Member
|
bump |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The PR covers the following issues: