Comments (7)
catenacyber
commented on July 28, 2024
Could you share a pcap that exhibits this problem ?
"name":"Sec-Fetch-Site", "value":"same-oriPOST /getBalance"
Looks like something went wrong indeed
from libhtp.
Sachin-M-Desai
commented on July 28, 2024
Unfortunately, this happened on the prod where do not have much control over the environment. The customer was running a load test. This is as much information as we have today.
from libhtp.
catenacyber
commented on July 28, 2024
I am not sure I have enough input data to find and fix the bug.
It looks like some data was dropped between Sec-Fetch-Site: same-ori and POST /getBalance, data beginning with gin\n but I do not see how it could get dropped...
from libhtp.
Sachin-M-Desai
commented on July 28, 2024
What could help here? We usually wont be in a position to collect a pcap on prod (especially when it belongs to someone else). Will Suricata stats help here?
from libhtp.
catenacyber
commented on July 28, 2024
Could you provide the eve.json flow event about this http flow ?
from libhtp.
catenacyber
commented on July 28, 2024
Do you still need anything on this ?
from libhtp.
catenacyber
commented on July 28, 2024
Feel free to reopen with more details
from libhtp.
Related Issues (20)
- Folded header field can be parsed as separate if there are no data available to peek into HOT 1
- Clean up response line vars if htp_treat_response_line_as_body HOT 1
- POST (multipart) arguments are skipped when field name is not in quotes HOT 9
- out of bounds read in authorization digest header parsing HOT 1
- Should Request direction not support Transfer-Coding or Content-Codings? HOT 1
- Is there a procedure for reporting vulnerabilities? HOT 1
- http pipelining is not ok HOT 13
- HTP_AUTH_UNRECOGNIZED for Bearer tokens HOT 7
- htp_connp_(res|req)_data_consumed do not include CONNECT HOT 5
- Bug report on libhtp( AddressSanitizer: SEGV) HOT 6
- Bug report on libhtp( AddressSanitizer: SEGV) HOT 7
- Incomplete but 2 logs for same transaction (libhtp: 0.5.x) HOT 8
- memory leak HOT 2
- Response body data buffering and callback bug HOT 2
- may crash HOT 2
- The post request cannot be ended when use filesotre in suricata HOT 7
- double free in multipart processing
- In the case of packet loss, there can be a mismatch between the request and response of a transaction. HOT 1
- Add libhtp to vcpkg HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libhtp.