Skip to content

net/http: wish - optional turning off fixLength #34890

@govcert-ch

Description

@govcert-ch

No bug, just an idea/wish, Go version 1.13

In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions