gobuster icon indicating copy to clipboard operation
gobuster copied to clipboard

Published 20 hours ago verified publisher icon OJ

Detect/report on redirect loops

Open 0xdevalias opened this issue 8 years ago • 1 comments
trafficstars

Currently, if a redirect loop is hit while using -r then gobuster spins a few times, then returns the following (at least if it's on the initial/base URL):

[-] Unable to connect: https://example.com/somepath/

https://github.com/OJ/gobuster/blob/7a6d1c068e3e89ee9b3c0c01cb3946957143a0c9/main.go#L412

Looking at my logs, the server is redirecting like so:

301 https://example.com/somepath/
301 https://example.com/somepath
301 https://example.com/somepath/
..etc..

Obviously, if we don't follow redirects with -r this issue won't happen.

This would be interesting to detect on, because in this instance, a non-existent folder will redirect to a 404, whereas an existing folder will enter this redirect loop.

0xdevalias avatar Nov 01 '17 00:11 0xdevalias

ooh! Great catch! This could be the kind of thing that's causing other issues as well.

OJ avatar Nov 01 '17 00:11 OJ