adding flag to disable host header and content length

projectdiscovery · Oct 5, 2020 · 86ebb27 · 86ebb27
1 parent 6f52252
commit 86ebb27
Show file tree

Hide file tree

Showing 4 changed files with 24 additions and 7 deletions.
diff --git a/v2/go.mod b/v2/go.mod
@@ -13,7 +13,7 @@ require (
 	github.com/miekg/dns v1.1.31
 	github.com/pkg/errors v0.9.1
 	github.com/projectdiscovery/gologger v1.0.1
-	github.com/projectdiscovery/rawhttp v0.0.2-0.20201005001033-5c3b518c4288
+	github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1
 	github.com/projectdiscovery/retryabledns v1.0.4
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
 	github.com/stretchr/testify v1.5.1

diff --git a/v2/go.sum b/v2/go.sum
@@ -43,6 +43,12 @@ github.com/projectdiscovery/rawhttp v0.0.2-0.20200929200351-394a0e5b5a8a h1:+Mys
 github.com/projectdiscovery/rawhttp v0.0.2-0.20200929200351-394a0e5b5a8a/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/rawhttp v0.0.2-0.20201005001033-5c3b518c4288 h1:0gWt2HFAIj1KP/aflQ0wjxRnSMAD0eECd/FGX+aA7F8=
 github.com/projectdiscovery/rawhttp v0.0.2-0.20201005001033-5c3b518c4288/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005194701-94f961939048 h1:o3ohMDTWYgTRQb7nivDZyk0acxEf7F2cG+qj8hdpCzc=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005194701-94f961939048/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200243-8cd4c43f84dc h1:Igp422RKczdlWm7XOEUpH3OCJxDGZ5L2oiAglbxtX6k=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200243-8cd4c43f84dc/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1 h1:I3aE8ta92M2XbrYKNYOTlXhodxyH+zQOt1jIatorhQA=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/retryabledns v1.0.4 h1:0Va7qHlWQsIXjRLISTjzfN3tnJmHYDudY05Nu3IJd60=
 github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=

diff --git a/v2/pkg/executer/executer_http.go b/v2/pkg/executer/executer_http.go
@@ -188,7 +188,10 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
 		// rawhttp
 		// burp uses "\r\n" as new line character
 		request.RawRequest.Data = strings.ReplaceAll(request.RawRequest.Data, "\n", "\r\n")
-		resp, err = e.rawHttpClient.DoRaw(request.RawRequest.Method, reqURL, request.RawRequest.Path, requests.ExpandMapValues(request.RawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.RawRequest.Data)))
+		options := e.rawHttpClient.Options
+		options.AutomaticContentLength = request.RawRequest.AutomaticContentLength
+		options.AutomaticHostHeader = request.RawRequest.AutomaticHostHeader
+		resp, err = e.rawHttpClient.DoRawWithOptions(request.RawRequest.Method, reqURL, request.RawRequest.Path, requests.ExpandMapValues(request.RawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.RawRequest.Data)), options)
 		if err != nil {
 			return err
 		}

diff --git a/v2/pkg/requests/bulk-http-request.go b/v2/pkg/requests/bulk-http-request.go
@@ -65,6 +65,10 @@ type BulkHTTPRequest struct {
 	Raw []string `yaml:"raw,omitempty"`
 	// Specify in order to skip request RFC normalization
 	Unsafe bool `yaml:"unsafe,omitempty"`
+	// DisableAutoHostname Enable/Disable Host header for unsafe raw requests
+	DisableAutoHostname bool `yaml:"disable-automatic-host-header,omitempty"`
+	// DisableAutoContentLength Enable/Disable Content-Length header for unsafe raw requests
+	DisableAutoContentLength bool `yaml:"disable-automatic-content-length-header,omitempty"`
 	// Internal Finite State Machine keeping track of scan process
 	gsfm *GeneratorFSM
 }
@@ -211,6 +215,8 @@ func (r *BulkHTTPRequest) handleRawWithPaylods(ctx context.Context, raw, baseURL
 
 	// rawhttp
 	if r.Unsafe {
+		rawRequest.AutomaticContentLength = !r.DisableAutoContentLength
+		rawRequest.AutomaticHostHeader = !r.DisableAutoHostname
 		return &HTTPRequest{RawRequest: rawRequest, Meta: genValues}, nil
 	}
 
@@ -310,11 +316,13 @@ func (c *CustomHeaders) Set(value string) error {
 
 // RawRequest defines a basic HTTP raw request
 type RawRequest struct {
-	FullURL string
-	Method  string
-	Path    string
-	Data    string
-	Headers map[string]string
+	FullURL                string
+	Method                 string
+	Path                   string
+	Data                   string
+	Headers                map[string]string
+	AutomaticHostHeader    bool
+	AutomaticContentLength bool
 }
 
 // parseRawRequest parses the raw request as supplied by the user