You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.
Here is how to reproduce it:
#!/usr/bin/env pythonimportsockets=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address= ('localhost', 8787)
s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
s.bind(server_address)
s.listen(1)
whileTrue:
connection, client_address=s.accept()
data=connection.recv(1024)
connection.sendall(b'HTTP/1.1 407 Authentication Required\r\n')
connection.sendall(b'Proxy-Authenticate: Basic\r\n')
# with this line it will work fine#connection.sendall(b'\r\n')connection.close()
I did this
Recently I came up to a few public proxies that were returning 407 status code with Proxy-Authenticate response header while also missing final CRLF to indicate end-of-headers. Curl with such a proxy will repeat the CONNECT request indefinitely.
Here is how to reproduce it:
curl -v -x http://localhost:8787 https://example.com
I expected the following
It should end up with some error instead.
curl/libcurl version
curl 7.75.0 (x86_64-pc-linux-musl) libcurl/7.75.0 OpenSSL/1.1.1k zlib/1.2.11 libssh2/1.9.0 nghttp2/1.41.0
Release-Date: 2021-02-03
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HTTP2 HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TLS-SRP UnixSockets
operating system
Linux flanker 5.4.0-70-generic 78-Ubuntu SMP Fri Mar 19 13:29:52 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: