race-the-web
race-the-web copied to clipboard
Header key value split at ':' cuts URL value off
Hi,
thanks for this free tool.
I just had a special case in which I specifically had to copy the value of the requests referer header. Let's assume it was https://google.com/search
.
Because of this code, the value will only span from the first double dot to the second double dot.
So instead of Referer: https://google.com/search
, it sends Referer: https
. I could bypass it for myself with //google.com/search
, which did let my requests pass then.
Possible fixes: put together all the pieces after piece 0 (header name) again, possibly use a regex to separate the first part in front of the double dot from the rest, limit the amount of splits initially (https://golang.org/pkg/strings/#SplitN).
Same issue here. My go around was to proxy through BurpSuite and then use BurpSuite's Match and Replace tool to append the colon and trailing characters. Hopefully that will help anyone with the same issue!