libhtp

Supporting 101 Switching Protocols

Open WGH- opened this issue 7 years ago • 2 comments

Related to #13 which was closed for no apparent reason.

As soon as the server replies with 101 Switching Protocols, anything after the HTTP headers is no longer the HTTP protocol.

The server will switch protocols to those defined by the response's Upgrade header field immediately after the empty line which terminates the 101 response.

libhtp seems to ignore this status code, still trying to parse everything that comes after as HTTP data.

This leads to WebSocket traffic being interpreted as some junk requests/responses (I will attach some pcaps a bit later, if needed).

I believe the correct solution would be to stop tracking the HTTP connection after a 101 response, unless the specific protocol can actually be supported.

WGH- Jul 13 '16 15:07
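
The behaviour this issue asks for, as an added C example that is not part of the original thread and is not libhtp code: once a response head with status 101 is seen, the bytes after the empty line are classified as upgraded-protocol data instead of being fed back into the HTTP parser. The type and function names are hypothetical, and the WebSocket handshake sample is constructed.

```c
#include <stdio.h>
#include <string.h>
/* All names here are hypothetical; this is not libhtp's API. */
enum stream_state { ST_HTTP, ST_TUNNEL };
struct resp_scan {
    enum stream_state state; /* how to treat bytes after the header block */
    int status;              /* parsed status code, -1 if none */
    size_t body_off;         /* offset of first byte after the empty line */
};

/* Scan one response head in buf[0..len). Returns 0 on success, -1 if the
 * head is incomplete or malformed. */
int scan_response_head(const unsigned char *buf, size_t len, struct resp_scan *out)
{
    size_t end = 0;
    out->state = ST_HTTP; out->status = -1; out->body_off = 0;
    /* Locate the empty line that terminates the header block. */
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(buf + i, "\r\n\r\n", 4) == 0) { end = i + 4; break; }
    if (end == 0) return -1;
    /* Status line: "HTTP/1.x" SP 3DIGIT; shortest valid head is 16 bytes. */
    if (end < 16 || memcmp(buf, "HTTP/1.", 7) != 0 || buf[8] != ' ') return -1;
    for (int i = 9; i < 12; i++)
        if (buf[i] < '0' || buf[i] > '9') return -1;
    out->status = (buf[9] - '0') * 100 + (buf[10] - '0') * 10 + (buf[11] - '0');
    out->body_off = end;
    /* After 101 the remaining bytes belong to the upgraded protocol. */
    if (out->status == 101) out->state = ST_TUNNEL;
    return 0;
}

/* Constructed sample: abbreviated WebSocket handshake response followed by
 * one unmasked text frame carrying "hi". */
static const unsigned char SAMPLE_101[] =
    "HTTP/1.1 101 Switching Protocols\r\n"
    "Upgrade: websocket\r\n"
    "Connection: Upgrade\r\n"
    "\r\n"
    "\x81\x02hi";

int main(void)
{
    struct resp_scan r;
    size_t len = sizeof(SAMPLE_101) - 1;
    if (scan_response_head(SAMPLE_101, len, &r) != 0) return 1;
    printf("status=%d head=%zu bytes, %s=%zu bytes\n", r.status, r.body_off,
           r.state == ST_TUNNEL ? "tunnel" : "http body", len - r.body_off);
    return 0;
}
```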

I've started working on implementing this. As libhtp already does something similar with CONNECT requests, it shouldn't be very hard.

WGH- Aug 03 '16 21:08

Is this still an issue? (I do not think so)

catenacyber Apr 25 '22 11:04