favirecon icon indicating copy to clipboard operation
favirecon copied to clipboard
verified publisher icon edoardottt

Not working in custom favicon directory scenario

Open Kr1shna4garwal opened this issue 1 year ago • 13 comments

Is your feature request related to a problem? Please describe. Tool is really good, but it seems not working in some scenarios, like if a site has placed it's favicon.ico file in a directory (Example: http://example[.]com/images/favicon.ico), tool will miss out the favicon. So instead of statically requesting just favicon.ico, it is recommend to first locate the path of favicon.ico in the source and then request it.

Describe the solution you'd like The Tool should grep for .ico extension in page source, and then request that path for catching actual favicon.ico file

Kr1shna4garwal avatar Apr 26 '24 22:04 Kr1shna4garwal

Hi @Kr1shna4garwal , thanks for your contribution!

I thought about that, I was putting the effort in increasing the size of the database . can you provide an example of URLs to test this functionality once implemented?

thanks

edoardottt avatar Apr 27 '24 06:04 edoardottt

Hi @edoardottt, I have one such example url: https://drata.com/images/favicon.ico Current version is unable to fetch this favicon

Kr1shna4garwal avatar Apr 27 '24 06:04 Kr1shna4garwal

Thanks :) Do you have any advice on how to obtain html tag values? I'd like to avoid any regex et similia... I'd prefer parsing html and get an exact value.

edoardottt avatar Apr 27 '24 07:04 edoardottt

Hello @edoardottt,

I'm not a Golang programmer, So I don't much knowledge in Go

But in general, I think steps should be:

  1. send a GET request to "/"
  2. parse it using golang html library
  3. Loop through each token -> extract the attribute's value if attribute's key is href
  4. Filter the results to match for .ico extension
  5. extract the value
  6. request the exact path
  7. Then do further processing with that

Kr1shna4garwal avatar Apr 27 '24 12:04 Kr1shna4garwal

It may not the best solution. Now the tool performs 1 request per target. with that solution all of the targets will get 2 requests, resulting in double time and resources needed. If the vast majority of the domains use /favicon.ico, this is definitely not a good solution.

edoardottt avatar Apr 28 '24 07:04 edoardottt

That's right, It maybe not the best solution but still we can implement it in different way! Like we can first check for /favicon.ico (Primary option), If found it will process it (1 request). If not found, then it will make 2 requests (1st request to find .ico path in page source, then 2nd to request and process that favicon.ico path). This way I believe tool's efficiency and usefulness both will be maintained. Currently no favicon analysis tool is doing this job.

Kr1shna4garwal avatar Apr 28 '24 11:04 Kr1shna4garwal

I agree @Kr1shna4garwal . I was thinking the same. issue prioritized:)

edoardottt avatar Apr 28 '24 12:04 edoardottt

Like we can first check for /favicon.ico (Primary option), If found it will process it (1 request). The doubt here is how we can check if the favicon is found? Maybe the content-type must be image/x-icon ? I'm thinking if the second option would be the best in any case

edoardottt avatar Oct 18 '24 09:10 edoardottt