Comments (5)
stryker2k2
commented on June 15, 2024
1
I am just glancing quickly to see where I would start on his adventure.
Are you thinking that, for the first line "HTTP_RESPONSE" in the first snippet, that the url of "https://irmaservices.nps.gov/arcgis/rest/%E2%80%9Dhttps:/www.nps.gov/lib/bootstrap/3.3.2/css/nps-bootstrap.min.css%22" is the wrong format?
If so, then... yes... I would agree.
After throwing that string into a URL Decoder, I get...
"https://irmaservices.nps.gov/arcgis/rest/”https:/www.nps.gov/lib/bootstrap/3.3.2/css/nps-bootstrap.min.css""
The URL Encoded string of %E2%80%9D and %22 are both equivilant to ". So, either we need to account for that on our end. or there is something fishy with your But, that's just me glancing at this and thinking out loud.bbot -t target.txt text file.
Has it happened since? Do you have a debug.log that correlates with those snippets? I tried grepping through that debug.log but I couldn't find %E2%80%9D anywhere.
After thought (thanks to Paul):
The "module_sequence" is "httpx"... so that concatenation of those urls would be on our side. I'll dive into it.
from bbot.
amiremami
commented on June 15, 2024
1
@stryker2k2 thank you so much 🙏 You can find these in output.ndjson which I uploaded here:
https://drive.proton.me/urls/8KTKPZ8D04#MNYh5yfHn2IM
from bbot.
liquidsec
commented on June 15, 2024
Hey @amiremami , were you running paramminer on that scan?
from bbot.
amiremami
commented on June 15, 2024
Hey : ) Yes, here is my debug.log if it's useful.
debug.log
from bbot.
TheTechromancer
commented on June 15, 2024
This may be a symptom of the recursive decoding we're doing prior to URL excavation.
from bbot.
Related Issues (20)
- Filedownload.handle_event (url_unverified) HOT 1
- Badsecrets taking a long time HOT 3
- Git clone interacting with console HOT 1
- SSLCert: duplicate malformed certificates HOT 1
- Bug in IIS Shortnames HOT 1
- Bug in BadDNS HOT 1
- Stdout dies mid-scan HOT 4
- ASN Error HOT 1
- Ability to set timeout on individual modules
- Option to Raise FILESYSTEM and WEBSCREENSHOTs as Base64 Blobs HOT 4
- Optimize scan status message HOT 1
- Better discovery path tracking for dnsbrute_mutations
- New Module: Apache Tika & `RAW_DATA` events HOT 11
- InternetDB: option to display open ports HOT 2
- WPScan Installation Error HOT 13
- Modile jwt_tool to check for jwts with certain CVE issues? HOT 2
- Enable Cookies By Default
- Don't Increment Scope Distance for Hostless Events HOT 2
- Optimize Neo4j
- Discrepancies in wappalyzer findings. HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from bbot.