
AFL : integrate fuzz_build and fuzz (#350)

* fuzzz

* build

* make fuzz_build to build fuzzing env

* samples for afl

* fuzz_build and fuzz work standalone

* conf separated for fuzz and ut

* core patch

* up

* del

* del too big samples

* relative path for afl

* fix afl-clang-fast

* clone preeny over https

* clone over https

* Clean up a bit the Makefile

* Improve the make clean

* add ifdef guard to be able to use afl-clang instead of afl-clang-fast

* build correctly afl-clang-fast

* up

* clean all

* build

* build

* build

* build

* up

* deploy static

* static

* up

* up

* Revert "add ifdef guard to be able to use afl-clang instead of afl-clang-fast"

This reverts commit 1b8bff3.

* fix patch

* reduced cases

* tests

* moar faster

* fuzzing faster

* move fork server

* fix makefile for targets

* travis perl5

* fix CI for gcc

* CI for GCC (force COV)

* travis, clang again

* travis, remove coverage from CI tests

* ain't nobody got time for that

* up, dashboard screencap in readme.md for moar sexyness

* add url encoding
buixor authored and blotus committed Feb 23, 2017
1 parent 6a0378e commit 02dfdb4f7d4d2dc92cb8acacd278c3f55387f256
@@ -10,7 +10,7 @@ cache:
env:
global:
- VER_NGINX=1.9.11
- COV=1
- COV=0
compiler:
- clang
@@ -27,7 +27,7 @@ install:
- cd ./naxsi_src
- if [ "$CC" == "clang" ]; then COV=0; fi
- make
- cpanm -v --notest Test::Nginx
- sudo cpanm -v --notest Test::Nginx
before_script:
- lcov --directory "../nginx-${VER_NGINX}" --zerocounters
@@ -39,7 +39,3 @@ after_failure:
- cat /tmp/ngx_error.log
- cat /tmp/ngx_access.log
after_success:
- lcov --list naxsi.info
- coveralls-lcov --repo-token ${COVERALLS_TOKEN} naxsi.info
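Review bot: `before_script` still runs `lcov --directory "../nginx-${VER_NGINX}" --zerocounters` (visible as context in the second hunk) even though `COV` is now forced to 0 in `env.global` and the `after_success` lcov/coveralls steps appear to be the lines dropped by the third hunk, so a coverage tool is invoked whose output nothing consumes. Either drop the zerocounters step or gate it on the variable, e.g. `- if [ "$COV" == "1" ]; then lcov --directory "../nginx-${VER_NGINX}" --zerocounters; fi`. The `if [ "$CC" == "clang" ]; then COV=0; fi` line in the install section is now redundant with the global default and can go as well.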
@@ -50,3 +50,7 @@ It depends on `libpcre` for its regexp support, and is reported to work great on
- The [documentation](https://github.com/nbs-system/naxsi/wiki)
- Some [rules]( https://github.com/nbs-system/naxsi-rules ) for mainstream software
- The [nxapi/nxtool]( https://github.com/nbs-system/naxsi/tree/master/nxapi ) to generate rules
<img alt="nxapi-dashboard logo" src="https://raw.githubusercontent.com/wiki/nbs-system/naxsi/Images/kibana.png" align="center"/>
@@ -1,49 +1,73 @@
CORE_VERS := $(shell grep NAXSI_VERSION naxsi.h | cut -d '"' -f 2)
MOD_PATH := $(shell pwd)
TMP_DIR := /tmp/nginx/
TMP_DIR := /tmp/nginx/
# Keys for coverity
CAN :=
CAK :=
#Set to 1 if you want coverage report
COV ?= 1
#Mode: coverage, fuzz, or base
COV ?= 0
FUZZ ?= 0
STOCK ?= 1
#Allows to force for specific UT only
#TEST := "29*.t"
NGINX_VERS := "1.9.11"
NGINX_OPTIONS="--error-log-path=/tmp/naxsi_ut/error.log"
NGINX_OPTIONS="--with-select_module"
NGINX_OPTIONS+="--conf-path=/tmp/naxsi_ut/nginx.conf"
NGINX_OPTIONS+="--http-client-body-temp-path=/tmp/naxsi_ut/body/"
NGINX_OPTIONS+="--http-fastcgi-temp-path=/tmp/naxsi_ut/fastcgi/"
NGINX_OPTIONS+="--http-log-path=/tmp/naxsi_ut/access.log"
NGINX_OPTIONS+="--http-proxy-temp-path=/tmp/naxsi_ut/proxy/"
NGINX_OPTIONS+="--lock-path=/tmpnginx.lock"
NGINX_OPTIONS+="--pid-path=/tmp/naxsi_ut/nginx.pid"
NGINX_OPTIONS+="--modules-path=/tmp/naxsi_ut/modules/"
NGINX_OPTIONS+="--with-http_ssl_module"
NGINX_OPTIONS+="--without-mail_pop3_module"
NGINX_OPTIONS+="--without-mail_smtp_module"
NGINX_OPTIONS+="--without-mail_imap_module"
NGINX_OPTIONS+="--without-http_uwsgi_module"
NGINX_OPTIONS+="--without-http_scgi_module"
NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
NGINX_OPTIONS+="--with-ipv6"
#dynamic or not NGINX_OPTIONS+="--add-dynamic-module=$(MOD_PATH)"
NGINX_OPTIONS+="--prefix=/tmp"
NGINX_OPTIONS+="--with-debug"
CFLAGS:="-Wall -Wextra"
all: nginx_download configure build install deploy
re: clean all test
FUZZ_PATH := "../fuzz"
AFL_PATH := $(PWD)"/"$(FUZZ_PATH)"/afl/"
install_afl:
mkdir -p $(FUZZ_PATH)
cd $(FUZZ_PATH) && (wget -nc --no-clobber "http://lcamtuf.coredump.cx/afl/releases/afl-latest.tgz" || exit 1)
cd $(FUZZ_PATH) && (test -d $(AFL_PATH) || (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf afl-latest.tgz --strip-components=1))
cd $(FUZZ_PATH) && (make -C $(AFL_PATH) && make -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast)
install_preeny:
cd $(FUZZ_PATH) && (test -d preeny || git clone https://github.com/zardus/preeny.git)
cd $(FUZZ_PATH) && make -C preeny/src/
fuzz_build: install_afl install_preeny
mkdir -p $(FUZZ_PATH)
STOCK=0 FUZZ=1 make nginx_download
cd $(TMP_DIR) && patch -p1 "./src/core/ngx_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_cycle.patch"
cd $(TMP_DIR) && patch -p1 "./src/os/unix/ngx_process_cycle.c" < $(MOD_PATH)"/../t/confs/ngx_process_cycle.patch"
STOCK=0 FUZZ=1 make configure build install deploy
fuzz:
LD_PRELOAD=$(FUZZ_PATH)"/preeny/src/desock.so" $(AFL_PATH)"afl-fuzz" -t 10 -i "../t/fuzz/" -o $(FUZZ_PATH)/findings $(TMP_DIR)/objs/nginx
clean:
rm -f "nginx-"$(NGINX_VERS)".tar.gz"
rm -f "nginx-"$(NGINX_VERS)".tar.gz.asc"
rm -rf /tmp/naxsi_ut/
rm -rf $(TMP_DIR)/
rm -rf $(FUZZ_PATH)/
nginx_download:
wget --no-clobber "http://nginx.org/download/nginx-"$(NGINX_VERS)".tar.gz" || exit 1
@@ -54,21 +78,33 @@ nginx_download:
tar -C $(TMP_DIR)/ -xzf nginx-$(NGINX_VERS).tar.gz --strip-components=1
configure:
#build non dynamic module (faster) for fuzz/afl
ifeq ($(FUZZ),1)
cd $(TMP_DIR)/ && AFL_PATH=$(AFL_PATH) ./configure --with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast" --with-cc-opt="-O3" $(NGINX_OPTIONS) --add-module=$(MOD_PATH) --error-log-path=/dev/null --http-log-path=/dev/null
endif
ifeq ($(COV),1)
cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS)
else
cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS)
cd $(TMP_DIR)/ && ./configure --with-cc-opt="--coverage -g3 -gstabs" --with-ld-opt="-lgcov" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
endif
ifeq ($(STOCK),1)
cd $(TMP_DIR)/ && ./configure --with-cc-opt="-g3 -ggdb" $(NGINX_OPTIONS) --add-dynamic-module=$(MOD_PATH) --error-log-path=/tmp/naxsi_ut/error.log --conf-path=/tmp/naxsi_ut/nginx.conf
endif
build:
cd $(TMP_DIR)/ && make
if [ -d "/tmp/naxsi_ut" ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
AFL_PATH=$(AFL_PATH) make -C $(TMP_DIR)
if [ -d "/tmp/naxsi_ut" ] && [ -f $(TMP_DIR)/objs/ngx_http_naxsi_module.so ] ; then cp $(TMP_DIR)/objs/ngx_http_naxsi_module.so /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so ; fi
install:
cd $(TMP_DIR)/ && make install
make -C $(TMP_DIR) install
deploy:
@cp ./nginx.conf.example /tmp/naxsi_ut/nginx.conf
deploy:
ifeq ($(FUZZ),1)
@cp ../t/confs/nginx_fuzz.conf.example /tmp/naxsi_ut/nginx.conf
else
@cp ../t/confs/nginx.conf.example /tmp/naxsi_ut/nginx.conf
endif
@cp ../naxsi_config/naxsi_core.rules /tmp/naxsi_ut/naxsi_core.rules
@@ -77,13 +113,10 @@ test:
ifeq ($(COV),1)
lcov --directory $(TMP_DIR) --zerocounters
endif
if [ ! $(TEST) ] ; then TEST="*.t" ; fi
export PATH="$(TMP_DIR)/objs/:"$(PATH) ; \
export PERL5LIB="~/perl5/lib/perl5/:/home/travis/perl5/lib/perl5/" ; \
export PERL5LIB="~/perl5/lib/perl5/" ;\
cd .. ; prove -r "t/$(TEST)"
ifeq ($(COV),1)
lcov --directory $(TMP_DIR)/objs/addon/naxsi_src/ --capture --output-file naxsi.info --base-directory $(TMP_DIR)
genhtml -s -o /tmp/naxsicov.html naxsi.info
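Review bot: `install_afl` fetches `afl-latest.tgz` over plain HTTP with `wget -nc`, unpacks it and immediately builds and runs the result (`make -C $(AFL_PATH)`), with no version pin and no checksum, so the fuzzing toolchain — and, via `--with-cc=$(AFL_PATH)"/llvm_mode/afl-clang-fast"`, every nginx object it compiles — is whatever the network returned; `nginx_download` has the same shape, and `clean` removing a `.tar.gz.asc` suggests signature material was once expected but is never verified here. Pin the release, record its SHA-256 next to it and fail before unpacking when it does not match, as sketched below (placeholders to be filled in). Two smaller points in the same section: `configure` runs twice when `COV=1` is given, because `STOCK` still defaults to 1 and the `ifeq ($(COV),1)` and `ifeq ($(STOCK),1)` branches are independent, so the stock configure silently wins; and the recursive invocations (`STOCK=0 FUZZ=1 make nginx_download`, `make -C $(TMP_DIR)`, `make -C $(AFL_PATH)`) should use `$(MAKE)` so `-j` and `-n` propagate. `clean` also does `rm -rf $(TMP_DIR)/` and `rm -rf $(FUZZ_PATH)/` with no guard against an empty override, e.g. `$(if $(strip $(TMP_DIR)),,$(error TMP_DIR is empty))` at the top of the recipe.
```make
AFL_VERS   ?= <pinned-afl-release>   # placeholder: replace "afl-latest" with a fixed release
AFL_SHA256 ?= <sha256-of-that-tgz>   # placeholder: record once, verified on every build
AFL_TGZ    := afl-$(AFL_VERS).tgz

# … unchanged: FUZZ_PATH / AFL_PATH definitions …

install_afl:
	mkdir -p $(FUZZ_PATH)
	cd $(FUZZ_PATH) && wget -nc "http://lcamtuf.coredump.cx/afl/releases/$(AFL_TGZ)"
	cd $(FUZZ_PATH) && echo "$(AFL_SHA256)  $(AFL_TGZ)" | sha256sum -c -   # abort before anything is unpacked or built
	cd $(FUZZ_PATH) && (test -d $(AFL_PATH) || (mkdir $(FUZZ_PATH)"/afl" && tar -C $(AFL_PATH)/ -xzf $(AFL_TGZ) --strip-components=1))
	cd $(FUZZ_PATH) && ($(MAKE) -C $(AFL_PATH) && $(MAKE) -C $(AFL_PATH)"/llvm_mode" clean all afl-clang-fast)
```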
@@ -1,8 +1,11 @@
master_process off;
worker_processes 1;
#worker_processes 1;
daemon off;
load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
events {
worker_connections 1024;
use select;
}
http {
include /tmp/naxsi_ut/naxsi_core.rules;
@@ -22,14 +25,16 @@ http {
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
error_log /tmp/ngx_error.log debug;
access_log /tmp/ngx_access.log;
root html;
index index.html index.htm;
return 200;
# error_log /tmp/ngx_error.log debug;
# access_log /tmp/ngx_access.log;
# root html;
# index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
return 500;
# root html;
}
}
}
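Review bot: Commenting out `error_log /tmp/ngx_error.log debug;` and `access_log /tmp/ngx_access.log;` removes exactly the files the CI `after_failure` step still dumps (`cat /tmp/ngx_error.log`, `cat /tmp/ngx_access.log` in the .travis.yml hunk above), so a failing CI run will no longer show nginx's own diagnostics — assuming this is the `../t/confs/nginx.conf.example` that the Makefile's `deploy` copies. If the debug level was dropped for speed, keep `error_log /tmp/ngx_error.log;` at the default level; otherwise errors go to the configure-time `--error-log-path=/tmp/naxsi_ut/error.log`, which CI never reads. The commented-out lines are dead config and are better deleted than kept.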
@@ -0,0 +1,48 @@
master_process off;
daemon off;
#load_module /tmp/naxsi_ut/modules/ngx_http_naxsi_module.so;
events {
worker_connections 1024;
use select;
}
http {
MainRule "rx:select|union|update|delete|insert|table|from|ascii|hex|unhex|drop" "msg:sql keywords" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:4" id:1000;
MainRule "str:\"" "msg:double quote" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8,$XSS:8" id:1001;
MainRule "str:0x" "msg:0x, possible hex encoding" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:2" id:1002;
## Hardcore rules
MainRule "str:/*" "msg:mysql comment (/*)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1003;
MainRule "str:*/" "msg:mysql comment (*/)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1004;
MainRule "str:|" "msg:mysql keyword (|)" "mz:BODY|URL|ARGS|$HEADERS_VAR:Cookie" "s:$SQL:8" id:1005;
MainRule "str:`" "msg:grave accent (`)" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1314;
MainRule "rx:%[2|3]." "msg:double encoding" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$XSS:8" id:1315;
MainRule "str:&#" "msg:utf7/8 encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1400;
MainRule "str:%U" "msg:M$ encoding" "mz:ARGS|BODY|URL|$HEADERS_VAR:Cookie" "s:$EVADE:4" id:1401;
MainRule "rx:\.ph|\.asp|\.ht" "msg:asp/php file upload" "mz:FILE_EXT" "s:$UPLOAD:8" id:1500;
# include /tmp/naxsi_ut/naxsi_core.rules;
# include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 4242;
server_name localhost;
location / {
LearningMode;
SecRulesEnabled;
DeniedUrl "/50x.html";
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
return 200;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
return 500;
}
}
}
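Review bot: `LearningMode;` in `location /` means naxsi only logs matches and never denies, so the fuzz run exercises rule matching but not the BLOCK path (`DeniedUrl "/50x.html"`, the internal redirect to `location = /50x.html` and its `return 500;`); if that path is meant to be covered, a second location without `LearningMode;` or a separate run with it removed is needed. The inlined `MainRule` lines duplicate a subset of `naxsi_core.rules`, which `deploy` still copies to `/tmp/naxsi_ut/naxsi_core.rules` while the `include` here is commented out, so the two will drift silently. A one-line comment stating the intent, e.g. `# reduced rule set for afl: keeps per-request work small; not a copy of naxsi_core.rules`, would tell the next reader that the reduction is deliberate.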
@@ -0,0 +1,13 @@
--- a/src/core/ngx_cycle.c.orig 2016-02-09 15:11:57.000000000 +0100
+++ b/src/core/ngx_cycle.c 2016-12-12 18:05:53.832725017 +0100
--- nginx/src/core/ngx_cycle.c 2016-02-09 15:11:57.000000000 +0100
+++ ngx_cycle.c 2016-12-13 09:49:47.762221499 +0100
@@ -602,6 +602,8 @@
}
}
+ __AFL_INIT();
+
if (ngx_open_listening_sockets(cycle) != NGX_OK) {
goto failed;
}
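Review bot: The patch file carries two `---`/`+++` header pairs (`--- a/src/core/ngx_cycle.c.orig` … `+++ ngx_cycle.c`) ahead of its single `@@ -602,6 +602,8 @@` hunk, which only works because the Makefile names the target file explicitly on the `patch -p1` command line; keep one header pair naming `src/core/ngx_cycle.c` so the patch also applies on its own. The inserted `__AFL_INIT();` only resolves when compiled with afl-clang-fast; wrapping it as `#ifdef __AFL_HAVE_MANUAL_CONTROL` / `__AFL_INIT();` / `#endif` lets the patched tree still build with a stock compiler. `fuzz_build` applies this patch unconditionally, so a second run meets an already-patched file; `patch -N` or a stamp file would make the target idempotent.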
@@ -0,0 +1,25 @@
--- a/src/os/unix/ngx_process_cycle.c.orig 2016-02-09 15:11:58.000000000 +0100
+++ a/src/os/unix/ngx_process_cycle.c 2016-12-12 15:05:21.000000000 +0100
@@ -303,7 +303,11 @@
}
}
+
+ int ran_once=0;
+
for ( ;; ) {
+
ngx_log_debug0(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "worker cycle");
ngx_process_events_and_timers(cycle);
@@ -337,6 +341,11 @@
ngx_log_error(NGX_LOG_NOTICE, cycle->log, 0, "reopening logs");
ngx_reopen_files(cycle, (ngx_uid_t) -1);
}
+
+ ran_once += 1;
+ //printf("ran : %d\n", ran_once);
+ if (ran_once == 2) exit(0);
+
}
}
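Review bot: The worker loop now leaves with a bare `exit(0)` after its second pass (`if (ran_once == 2) exit(0);`), bypassing nginx's own worker shutdown, and the iteration count is hard-coded; the name `ran_once` also no longer describes a counter that is compared against 2. A short comment on why two passes are needed (presumably one to accept the desock'd request and one to finish it — confirm) would spare the next reader from guessing, e.g. `/* fuzz harness: one request per process; leave after the second event-loop pass so afl sees a clean exit */`. The commented-out `printf` is dead code and should be removed.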
@@ -0,0 +1,30 @@
POST / HTTP/1.1
Host: localhost
Connection: close
Content-Type: application/json
Content-Length: 542
{
"glossary": {
"title": "example glossary",
"GlossDiv": {
"title": "S",
"GlossList": {
"GlossEntry": {
"ID": "SGML",
"SortAs": "SGML",
"GlossTerm": "Standard Generalized Markup Language",
"Acronym": "SGML",
"Abbrev": "ISO 8879:1986",
"GlossDef": {
"para": "A meta-markup language used to create markup languages such as DocBook.",
"GlossSeeAlso": ["GML", "XML"]
},
"GlossSee": "markup"
}
}
}
}
}}
@@ -0,0 +1,22 @@
POST / HTTP/1.1
Host: localhost
Connection: close
Content-Type: multipart/form-data; boundary=---------------------------103832778631715
Content-Length: 4449
-----------------------------103832778631715
Content-Disposition: form-data; name="name"
azzzo
-----------------------------103832778631715
Content-Disposition: form-data; name="married"
not single
-----------------------------103832778631715
Content-Disposition: form-data; name="male"

-----------------------------103832778631715--
@@ -0,0 +1,4 @@
GET /?a=1%23PTTmJopxdWJ%0AAND%23cWfcVRPV%0A9227=9227 HTTP/1.0
@@ -0,0 +1,6 @@
GET /bla?/bla=1999&bu=1998 HTTP/1.1
Host: localhost
Connection: close
@@ -0,0 +1,14 @@
POST /test_uri HTTP/1.1
Host: localhost
Connection: close
Content-Type: application/json
Content-Length: 183
{
"oh" : ["there", "is", "no", "way"],
"this" : { "will" : ["work", "does"],
"it" : "??" },
"trigger" : {"test_1234" : ["foobar", "will", "trigger", "it"]},
"foo" : "baar"
}