Full Raw Http support

v2/go.mod

@@ -13,10 +13,12 @@ require (
 	github.com/miekg/dns v1.1.31
 	github.com/pkg/errors v0.9.1
 	github.com/projectdiscovery/gologger v1.0.1
+	github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1
 	github.com/projectdiscovery/retryabledns v1.0.4
 	github.com/projectdiscovery/retryablehttp-go v1.0.1
+	github.com/stretchr/testify v1.5.1
 	github.com/vbauerster/mpb/v5 v5.3.0
-	golang.org/x/net v0.0.0-20200923182212-328152dc79b1
+	golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c
 	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
 	gopkg.in/yaml.v2 v2.3.0
 )

v2/go.sum

@@ -1,20 +1,17 @@
-github.com/Knetic/govaluate v1.5.0 h1:L4MyqdJSld9xr2eZcZHCWLfeIX2SBjqrwIKG1pcm/+4=
 github.com/Knetic/govaluate v3.0.0+incompatible h1:7o6+MAPhYTCF0+fdvoz1xDedhRb4f6s9Tn1Tt7/WTEg=
 github.com/Knetic/govaluate v3.0.0+incompatible/go.mod h1:r7JcOSlj0wfOMncg0iLm8Leh48TZaKVeNIfJntJ2wa0=
 github.com/VividCortex/ewma v1.1.1 h1:MnEK4VOv6n0RSY4vtRe3h11qjxL3+t0B8yOL8iMXdcM=
 github.com/VividCortex/ewma v1.1.1/go.mod h1:2Tkkvm3sRDVXaiyucHiACn4cqf7DpdyLvmxzcbUokwA=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8=
 github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo=
-github.com/blang/semver v1.1.0 h1:ol1rO7QQB5uy7umSNV7VAmLugfLRD+17sYJujRNYPhg=
 github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ=
 github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk=
-github.com/d5/tengo v1.24.8 h1:PRJ+NWt7ae/9sSbIfThOBTkPSvNV+dwYoBAvwfNgNJY=
 github.com/d5/tengo/v2 v2.6.2 h1:AnPhA/Y5qrNLb5QSWHU9uXq25T3QTTdd2waTgsAHMdc=
 github.com/d5/tengo/v2 v2.6.2/go.mod h1:XRGjEs5I9jYIKTxly6HCF8oiiilk5E/RYXOZ5b0DZC8=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
 github.com/google/go-github/v32 v32.1.0 h1:GWkQOdXqviCPx7Q7Fj+KyPoGm4SwHRh8rheoPhd27II=
 github.com/google/go-github/v32 v32.1.0/go.mod h1:rIEpZD9CTDQwDK9GDrtMTycQNA4JU3qBsCizh3q2WCI=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
@@ -38,18 +35,29 @@ github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742 h1:Esafd1046DLD
 github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
 github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/projectdiscovery/gologger v1.0.1 h1:FzoYQZnxz9DCvSi/eg5A6+ET4CQ0CDUs27l6Exr8zMQ=
 github.com/projectdiscovery/gologger v1.0.1/go.mod h1:Ok+axMqK53bWNwDSU1nTNwITLYMXMdZtRc8/y1c7sWE=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20200929200351-394a0e5b5a8a h1:+MysXksoug4+a2q739DVhrtoKkOGwNoen0ux5swMGZw=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20200929200351-394a0e5b5a8a/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005001033-5c3b518c4288 h1:0gWt2HFAIj1KP/aflQ0wjxRnSMAD0eECd/FGX+aA7F8=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005001033-5c3b518c4288/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005194701-94f961939048 h1:o3ohMDTWYgTRQb7nivDZyk0acxEf7F2cG+qj8hdpCzc=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005194701-94f961939048/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200243-8cd4c43f84dc h1:Igp422RKczdlWm7XOEUpH3OCJxDGZ5L2oiAglbxtX6k=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200243-8cd4c43f84dc/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1 h1:I3aE8ta92M2XbrYKNYOTlXhodxyH+zQOt1jIatorhQA=
+github.com/projectdiscovery/rawhttp v0.0.2-0.20201005200949-0a5c878e6ee1/go.mod h1:PQERZAhAv7yxI/hR6hdDPgK1WTU56l204BweXrBec+0=
 github.com/projectdiscovery/retryabledns v1.0.4 h1:0Va7qHlWQsIXjRLISTjzfN3tnJmHYDudY05Nu3IJd60=
 github.com/projectdiscovery/retryabledns v1.0.4/go.mod h1:/UzJn4I+cPdQl6pKiiQfvVAT636YZvJQYZhYhGB0dUQ=
 github.com/projectdiscovery/retryablehttp-go v1.0.1 h1:V7wUvsZNq1Rcz7+IlcyoyQlNwshuwptuBVYWw9lx8RE=
 github.com/projectdiscovery/retryablehttp-go v1.0.1/go.mod h1:SrN6iLZilNG1X4neq1D+SBxoqfAF4nyzvmevkTkWsek=
+github.com/remeh/sizedwaitgroup v1.0.0/go.mod h1:3j2R4OIe/SeS6YDhICBy22RWjJC5eNCJ1V+9+NVNYlo=
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.5.1 h1:nOGnQDM7FYENwehXlg/kFVnos3rEvtKTjRvOWSzb6H4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/vbauerster/mpb v1.1.3 h1:IRgic8VFaURXkW0VxDLkNOiNaAgtw0okB2YIaVvJDI4=
-github.com/vbauerster/mpb v3.4.0+incompatible h1:mfiiYw87ARaeRW6x5gWwYRUawxaW1tLAD8IceomUCNw=
 github.com/vbauerster/mpb/v5 v5.3.0 h1:vgrEJjUzHaSZKDRRxul5Oh4C72Yy/5VEMb0em+9M0mQ=
 github.com/vbauerster/mpb/v5 v5.3.0/go.mod h1:4yTkvAb8Cm4eylAp6t0JRq6pXDkFJ4krUlDqWYkakAs=
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
@@ -61,22 +69,24 @@ golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20200923182212-328152dc79b1 h1:Iu68XRPd67wN4aRGGWwwq6bZo/25jR6uu52l/j2KkUE=
-golang.org/x/net v0.0.0-20200923182212-328152dc79b1/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA=
+golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c h1:dk0ukUIHmGHqASjP0iue2261isepFCC6XRCSd1nHgDw=
+golang.org/x/net v0.0.0-20201002202402-0a1ea396d57c/go.mod h1:iQL9McJNjoIa5mjH6nYTCTZXUN6RP+XW3eib7Ya3XcI=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed h1:WBkVNH1zd9jg/dK4HCM4lNANnmd12EHC9z+LmcCG4ns=
 golang.org/x/sys v0.0.0-20200810151505-1b9f1253b3ed/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f h1:+Nyd8tzPX9R7BWHguqsrbFdRx3WQ/1ib8I44HXV5yTA=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e h1:EHBhcS0mlXEAVwNyO2dLfjToGsyY4j24pTs2ScHnX7s=
 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=

v2/pkg/executer/executer_http.go

@@ -24,6 +24,7 @@ import (
 	"github.com/projectdiscovery/nuclei/v2/pkg/matchers"
 	"github.com/projectdiscovery/nuclei/v2/pkg/requests"
 	"github.com/projectdiscovery/nuclei/v2/pkg/templates"
+	"github.com/projectdiscovery/rawhttp"
 	"github.com/projectdiscovery/retryablehttp-go"
 	"golang.org/x/net/proxy"
 )
@@ -42,6 +43,7 @@ type HTTPExecuter struct {
 	jsonOutput      bool
 	jsonRequest     bool
 	httpClient      *retryablehttp.Client
+	rawHttpClient   *rawhttp.Client
 	template        *templates.Template
 	bulkHTTPRequest *requests.BulkHTTPRequest
 	writer          *bufwriter.Writer
@@ -102,11 +104,15 @@ func NewHTTPExecuter(options *HTTPOptions) (*HTTPExecuter, error) {
 		client.HTTPClient.Jar = jar
 	}
 
+	// initiate raw http client
+	rawClient := rawhttp.NewClient(rawhttp.DefaultOptions)
+
 	executer := &HTTPExecuter{
 		debug:           options.Debug,
 		jsonOutput:      options.JSON,
 		jsonRequest:     options.JSONRequests,
 		httpClient:      client,
+		rawHttpClient:   rawClient,
 		template:        options.Template,
 		bulkHTTPRequest: options.BulkHTTPRequest,
 		writer:          options.Writer,
@@ -161,10 +167,14 @@ func (e *HTTPExecuter) ExecuteHTTP(ctx context.Context, p progress.IProgress, re
 
 func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest, dynamicvalues map[string]interface{}, result *Result) error {
 	e.setCustomHeaders(request)
-	req := request.Request
+
+	var (
+		resp *http.Response
+		err  error
+	)
 
 	if e.debug {
-		dumpedRequest, err := httputil.DumpRequest(req.Request, true)
+		dumpedRequest, err := requests.Dump(request, reqURL)
 		if err != nil {
 			return err
 		}
@@ -174,16 +184,28 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
 	}
 
 	timeStart := time.Now()
-	resp, err := e.httpClient.Do(req)
-	duration := time.Since(timeStart)
-
-	if err != nil {
-		if resp != nil {
-			resp.Body.Close()
+	if request.RawRequest != nil {
+		// rawhttp
+		// burp uses "\r\n" as new line character
+		request.RawRequest.Data = strings.ReplaceAll(request.RawRequest.Data, "\n", "\r\n")
+		options := e.rawHttpClient.Options
+		options.AutomaticContentLength = request.RawRequest.AutomaticContentLength
+		options.AutomaticHostHeader = request.RawRequest.AutomaticHostHeader
+		resp, err = e.rawHttpClient.DoRawWithOptions(request.RawRequest.Method, reqURL, request.RawRequest.Path, requests.ExpandMapValues(request.RawRequest.Headers), ioutil.NopCloser(strings.NewReader(request.RawRequest.Data)), options)
+		if err != nil {
+			return err
+		}
+	} else {
+		// retryablehttp
+		resp, err = e.httpClient.Do(request.Request)
+		if err != nil {
+			if resp != nil {
+				resp.Body.Close()
+			}
+			return err
 		}
-
-		return err
 	}
+	duration := time.Since(timeStart)
 
 	if e.debug {
 		dumpedResponse, dumpErr := httputil.DumpResponse(resp, true)
@@ -212,7 +234,7 @@ func (e *HTTPExecuter) handleHTTP(reqURL string, request *requests.HTTPRequest,
 
 	// net/http doesn't automatically decompress the response body if an encoding has been specified by the user in the request
 	// so in case we have to manually do it
-	data, err = requests.HandleDecompression(req, data)
+	data, err = requests.HandleDecompression(request, data)
 	if err != nil {
 		return errors.Wrap(err, "could not decompress http body")
 	}
@@ -366,9 +388,15 @@ func (e *HTTPExecuter) setCustomHeaders(r *requests.HTTPRequest) {
 		}
 
 		headerName, headerValue := tokens[0], strings.Join(tokens[1:], "")
-		headerName = strings.TrimSpace(headerName)
-		headerValue = strings.TrimSpace(headerValue)
-		r.Request.Header[headerName] = []string{headerValue}
+		if r.RawRequest != nil {
+			// rawhttp
+			r.RawRequest.Headers[headerName] = headerValue
+		} else {
+			// retryablehttp
+			headerName = strings.TrimSpace(headerName)
+			headerValue = strings.TrimSpace(headerValue)
+			r.Request.Header[headerName] = []string{headerValue}
+		}
 	}
 }
 

v2/pkg/executer/output_http.go

@@ -13,7 +13,15 @@ import (
 
 // writeOutputHTTP writes http output to streams
 func (e *HTTPExecuter) writeOutputHTTP(req *requests.HTTPRequest, resp *http.Response, body string, matcher *matchers.Matcher, extractorResults []string) {
-	URL := req.Request.URL.String()
+	var URL string
+	// rawhttp
+	if req.RawRequest != nil {
+		URL = req.RawRequest.FullURL
+	}
+	// retryablehttp
+	if req.Request != nil {
+		URL = req.Request.URL.String()
+	}
 
 	if e.jsonOutput {
 		output := jsonOutput{
@@ -34,8 +42,9 @@ func (e *HTTPExecuter) writeOutputHTTP(req *requests.HTTPRequest, resp *http.Res
 			output.ExtractedResults = extractorResults
 		}
 
+		// TODO: URL should be an argument
 		if e.jsonRequest {
-			dumpedRequest, err := httputil.DumpRequest(req.Request.Request, true)
+			dumpedRequest, err := requests.Dump(req, URL)
 			if err != nil {
 				gologger.Warningf("could not dump request: %s\n", err)
 			} else {

v2/pkg/requests/bulk-http-request.go

@@ -62,7 +62,14 @@ type BulkHTTPRequest struct {
 	// MaxRedirects is the maximum number of redirects that should be followed.
 	MaxRedirects int `yaml:"max-redirects,omitempty"`
 	// Raw contains raw requests
-	Raw  []string `yaml:"raw,omitempty"`
+	Raw []string `yaml:"raw,omitempty"`
+	// Specify in order to skip request RFC normalization
+	Unsafe bool `yaml:"unsafe,omitempty"`
+	// DisableAutoHostname Enable/Disable Host header for unsafe raw requests
+	DisableAutoHostname bool `yaml:"disable-automatic-host-header,omitempty"`
+	// DisableAutoContentLength Enable/Disable Content-Length header for unsafe raw requests
+	DisableAutoContentLength bool `yaml:"disable-automatic-content-length-header,omitempty"`
+	// Internal Finite State Machine keeping track of scan process
 	gsfm *GeneratorFSM
 }
 
@@ -201,18 +208,26 @@ func (r *BulkHTTPRequest) handleRawWithPaylods(ctx context.Context, raw, baseURL
 	dynamicReplacer := newReplacer(dynamicValues)
 	raw = dynamicReplacer.Replace(raw)
 
-	compiledRequest, err := r.parseRawRequest(raw, baseURL)
+	rawRequest, err := r.parseRawRequest(raw, baseURL)
 	if err != nil {
 		return nil, err
 	}
 
-	req, err := http.NewRequestWithContext(ctx, compiledRequest.Method, compiledRequest.FullURL, strings.NewReader(compiledRequest.Data))
+	// rawhttp
+	if r.Unsafe {
+		rawRequest.AutomaticContentLength = !r.DisableAutoContentLength
+		rawRequest.AutomaticHostHeader = !r.DisableAutoHostname
+		return &HTTPRequest{RawRequest: rawRequest, Meta: genValues}, nil
+	}
+
+	// retryablehttp
+	req, err := http.NewRequestWithContext(ctx, rawRequest.Method, rawRequest.FullURL, strings.NewReader(rawRequest.Data))
 	if err != nil {
 		return nil, err
 	}
 
 	// copy headers
-	for key, value := range compiledRequest.Headers {
+	for key, value := range rawRequest.Headers {
 		req.Header[key] = []string{value}
 	}
 
@@ -254,8 +269,9 @@ func (r *BulkHTTPRequest) fillRequest(req *http.Request, values map[string]inter
 
 // HTTPRequest is the basic HTTP request
 type HTTPRequest struct {
-	Request *retryablehttp.Request
-	Meta    map[string]interface{}
+	Request    *retryablehttp.Request
+	RawRequest *RawRequest
+	Meta       map[string]interface{}
 }
 
 func setHeader(req *http.Request, name, value string) {
@@ -300,11 +316,13 @@ func (c *CustomHeaders) Set(value string) error {
 
 // RawRequest defines a basic HTTP raw request
 type RawRequest struct {
-	FullURL string
-	Method  string
-	Path    string
-	Data    string
-	Headers map[string]string
+	FullURL                string
+	Method                 string
+	Path                   string
+	Data                   string
+	Headers                map[string]string
+	AutomaticHostHeader    bool
+	AutomaticContentLength bool
 }
 
 // parseRawRequest parses the raw request as supplied by the user
@@ -328,6 +346,8 @@ func (r *BulkHTTPRequest) parseRawRequest(request, baseURL string) (*RawRequest,
 	// Set the request Method
 	rawRequest.Method = parts[0]
 
+	// Accepts all malformed headers
+	var key, value string
 	for {
 		line, readErr := reader.ReadString('\n')
 		line = strings.TrimSpace(line)
@@ -337,15 +357,12 @@ func (r *BulkHTTPRequest) parseRawRequest(request, baseURL string) (*RawRequest,
 		}
 
 		p := strings.SplitN(line, ":", two)
-		if len(p) != two {
-			continue
-		}
-
-		if strings.EqualFold(p[0], "content-length") {
-			continue
+		key = p[0]
+		if len(p) > 1 {
+			value = p[1]
 		}
 
-		rawRequest.Headers[strings.TrimSpace(p[0])] = strings.TrimSpace(p[1])
+		rawRequest.Headers[key] = value
 	}
 
 	// Handle case with the full http url in path. In that case,
@@ -385,7 +402,7 @@ func (r *BulkHTTPRequest) parseRawRequest(request, baseURL string) (*RawRequest,
 		rawRequest.Path = fmt.Sprintf("%s%s", parsedURL.Path, rawRequest.Path)
 	}
 
-	rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, hostURL, rawRequest.Path)
+	rawRequest.FullURL = fmt.Sprintf("%s://%s%s", parsedURL.Scheme, strings.TrimSpace(hostURL), rawRequest.Path)
 
 	// Set the request body
 	b, err := ioutil.ReadAll(reader)

v2/pkg/requests/dump.go

@@ -0,0 +1,17 @@
+package requests
+
+import (
+	"io/ioutil"
+	"net/http/httputil"
+	"strings"
+
+	"github.com/projectdiscovery/rawhttp"
+)
+
+func Dump(req *HTTPRequest, reqURL string) ([]byte, error) {
+	if req.Request != nil {
+		return httputil.DumpRequest(req.Request.Request, true)
+	}
+
+	return rawhttp.DumpRequestRaw(req.RawRequest.Method, reqURL, req.RawRequest.Path, ExpandMapValues(req.RawRequest.Headers), ioutil.NopCloser(strings.NewReader(req.RawRequest.Data)))
+}