feroxbuster icon indicating copy to clipboard operation
feroxbuster copied to clipboard

Published 20 hours ago verified publisher icon epi052

[DOCS] add work around for items requiring a comma by using the config file

Open vaadata-pascala opened this issue 2 years ago • 5 comments

Describe the bug I'm working on a project where I need feroxbuster to send a specific header with a value that contains a comma. Unfortunately, because of the line below, the parameter will be split and the comma will create a new header.

https://github.com/epi052/feroxbuster/blob/bbfaddaedd1b4329a72bca933e44ada6463dafe3/src/parser.rs#L210

To Reproduce

$ cargo run -- --url '<myurl>' -H 'Accept: text/html,application/json'

Expected behavior

Create an header Accept with the value text/html,application/json

Traceback / Error Output

In this case it create an error because it tries to use application/json as a header name.

thread 'main' panicked at 'Could not rebuild client: invalid HTTP header name', src/config/container.rs:885:18
note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace

Environment:

  • feroxbuster version: latest commit (bbfaddaedd1b4329a72bca933e44ada6463dafe3)
  • OS Ubuntu 20.04

Additional context

I can't urlencode the comma, this make the header value invalid for the server.

vaadata-pascala avatar Sep 15 '22 09:09 vaadata-pascala

Howdy, and thanks for submitting the report!

Can you try putting your header in ferox-config.toml to see if you can pass comma separated values that way?

epi052 avatar Sep 15 '22 09:09 epi052

Yes it works! I wasn't aware of this file.

vaadata-pascala avatar Sep 15 '22 09:09 vaadata-pascala

Glad to hear it! So, given that we have a work-around/solution, and because the CLI has behaved this way since it was released, I would prefer not to change it.

Is the config file a suitable solution for your project?

The config file has some additional functionality talked about here and here.

epi052 avatar Sep 15 '22 10:09 epi052

Yes, this is one of the few projects where I had to specify a header with comma so this is not a problem to create a config file for these. But maybe this behavior should be described in the README (near the "Include Headers" section)?

vaadata-pascala avatar Sep 15 '22 10:09 vaadata-pascala

sure, we can add a blurb about how to work around items requiring a comma by using the config file :+1:

epi052 avatar Sep 16 '22 01:09 epi052

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Oct 18 '22 20:10 stale[bot]

fixed: https://epi052.github.io/feroxbuster-docs/docs/examples/core-features/#include-headers

epi052 avatar Oct 21 '22 11:10 epi052