Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing parts on Transfer-Encoding: chunked request #5223

Closed
sabatmonk opened this issue Feb 12, 2019 · 8 comments
Closed

Missing parts on Transfer-Encoding: chunked request #5223

sabatmonk opened this issue Feb 12, 2019 · 8 comments
Assignees
@thc202
Labels
bug
Milestone
2.12.0

Comments

@sabatmonk
Copy link

sabatmonk commented Feb 12, 2019
edited by thc202
Loading

Describe the bug
When sending a POST request with Transfer-Encoding: chunked, i'm missing the last section of the body, making the request invalid.

To Reproduce
Send a POST request with a json body and the Transfer-Encoding: chunked header.
For my tests, i used this payload (it is an assignation to a blob storage)

Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8

{
"FileName":"TestIcon0.svg","Payload":"data:image/svg+xml;base64,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaccccccccccccccdddd="
}

Expected behavior
The request should be whole, whether the Transfer-Encoding: chunked header is present or not.

Actual behavior
If i remove the header, the whole request is there, if not, ZAP only see

{
"FileName":"TestIcon0.svg","Payload":"data:image/svg+xml;base64,aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaccccccccccccccddd

If i send the request directly to the server, or through fiddler, it works, so i know the request is not the issue.

Software versions

  • ZAP: 2.7 and ZAP_WEEKLY_D-2019-02-04
  • OS: Windows server 2016
  • Java: Java(TM) SE Runtime Environment (build 1.8.0_201-b09)
  • Request sent from postman
@sabatmonk sabatmonk added the bug label Feb 12, 2019
@kingthorin
Copy link
Member

In Options:Local Proxies is "Remove Unsupported Encodings" on or off?

@sabatmonk
Copy link
Author

Tried with both, no impact

@sabatmonk
Copy link
Author

Is there any information i can provide to help on this?

@thc202
Copy link
Member

thc202 commented Mar 16, 2019

The information provided so far is enough, thank you.

@thc202 thc202 added this to the 2.8.0 milestone Mar 16, 2019
@thc202 thc202 modified the milestones: 2.8.0, 2.9.0 May 29, 2019
@psiinon psiinon modified the milestones: 2.9.0, 2.10.0 Nov 6, 2019
@endlessoblivion
Copy link

For me, in case of chunked encoding, it drops the whole POST body, since it's short:

19
{"userId":"","target":""}
0

Instead, the ProxyThread is trying to parse it as a header:

[ZAP-ProxyThread-1] WARN org.parosproxy.paros.core.proxy.ProxyThread  - Malformed Header: 
org.parosproxy.paros.network.HttpMalformedHeaderException
	at org.parosproxy.paros.network.HttpHeader.setMessage(HttpHeader.java:192)
	at org.parosproxy.paros.network.HttpRequestHeader.setMessage(HttpRequestHeader.java:281)
	at org.parosproxy.paros.network.HttpRequestHeader.<init>(HttpRequestHeader.java:168)
	at org.parosproxy.paros.network.HttpInputStream.readRequestHeader(HttpInputStream.java:68)
	at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(ProxyThread.java:486)
	at org.parosproxy.paros.core.proxy.ProxyThread.run(ProxyThread.java:335)
	at java.lang.Thread.run(Thread.java:748)

@psiinon psiinon modified the milestones: 2.10.0, 2.11.0 Sep 30, 2020
@thc202 thc202 modified the milestones: 2.11.0, 2.12.0 Sep 21, 2021
@thc202 thc202 self-assigned this Nov 8, 2021
@thc202 thc202 changed the title Missing parts on Transfer-Encoding: chunked Missing parts on Transfer-Encoding: chunked request Nov 8, 2021
@thc202 thc202 added add-on and removed add-on labels Dec 2, 2021
@thc202
Copy link
Member

thc202 commented Dec 6, 2021

This will be addressed with the Network add-on (which will supersede the core proxy).

@thc202
Copy link
Member

thc202 commented Feb 9, 2022

Closing, with the merge of #7080 ZAP should start to use the Network add-on to proxy.

@thc202 thc202 closed this as completed Feb 9, 2022
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked and limited conversation to collaborators May 11, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@thc202 thc202

Labels
bug
Milestone
2.12.0
Development

No branches or pull requests
5 participants
@psiinon @sabatmonk @thc202 @kingthorin @endlessoblivion