Comments (8)
Thanks for this report.
If you want to help more, could you create a Suricata-verify test out of this?
from libhtp.
Could you test #351?
Fix looks good. Thank you. Below is the log I now see.
{"timestamp":"2022-02-23T13:07:28.058210+0000","flow_id":1775922563793581,"in_iface":"lo","event_type":"http","src_ip":"127.0.0.1","src_port":33210,"dest_ip":"127.0.0.1","dest_port":3000,"proto":"6","tx_id":0,"http":{"hostname":"localhost","http_port":3000,"url":"/WebGoat/login1","http_user_agent":"curl/7.68.0","http_method":"POST","protocol":"HTTP/1.1","status":302,"redirect":"http://localhost:3000/WebGoat/login","length":0,"request_headers":[{"name":"Host","value":"localhost:3000"},{"name":"User-Agent","value":"curl/7.68.0"},{"name":"Accept","value":"*/*"},{"name":"Content-Length","value":"1417"},{"name":"Content-Type","value":"application/x-www-form-urlencoded"},{"name":"Expect","value":"100-continue"}],"response_headers":[{"name":"Connection","value":"keep-alive"},{"name":"Set-Cookie","value":"JSESSIONID=8DtreiCe0RbQqoZtVdzoBLFvc1WS1Hh562_0QaqR; path=/WebGoat"},{"name":"X-XSS-Protection","value":"1; mode=block"},{"name":"X-Content-Type-Options","value":"nosniff"},{"name":"X-Frame-Options","value":"DENY"},{"name":"Location","value":"http://localhost:3000/WebGoat/login"},{"name":"Content-Length","value":"0"},{"name":"Date","value":"Wed, 23 Feb 2022 13:07:28 GMT"}]}}
Thanks for testing
Thanks for testing
Is there a release this fix will be targeted for? It would help if you could let me know the release and approx time.
I think it will be in libhtp 0.5.40, which will be used by Suricata 7.0rc1 and 6.0.5
cf https://redmine.openinfosecfoundation.org/issues/5146
Thank you so much
Fixed by #351