retryablehttp-go
function to allow http follow meta redirects, http.GetFollowClientRedirects()
Please describe your feature request:
Often, we see responses with status code 200 and with a meta tag defining the redirect. If we implement following such redirects, we would increase the number of vulnerabilities found in nuclei. I think we need to override `func (c *Client) do(req *Request) (retres *Response, reterr error)` and add `getMetaRedirect` as a fallback method to determine the redirect:
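```go
import (
	"strings"

	"github.com/PuerkitoBio/goquery"
)

// getMetaRedirect returns the URL from a <meta http-equiv="refresh"> tag in
// body, or "" when the page has no usable meta redirect.
func getMetaRedirect(body string) (redirect_url string, err error) {
	// <meta http-equiv="refresh" content="4; URL='https://google.com/'" />
	doc, err := goquery.NewDocumentFromReader(strings.NewReader(body))
	if err != nil {
		return "", err
	}
	meta := doc.Find("meta[http-equiv='refresh']")
	if meta.Length() == 0 {
		return "", nil
	}
	content := meta.AttrOr("content", "")
	if content == "" {
		return "", nil
	}
	// split the delay from the rest only once, so a ";" inside the URL is kept
	parts := strings.SplitN(content, ";", 2)
	if len(parts) < 2 {
		return "", nil
	}
	// get url
	for _, part := range parts {
		part = strings.TrimSpace(part)
		// match the "url=" prefix case-insensitively
		if len(part) >= 4 && strings.EqualFold(part[:4], "url=") {
			// strip the prefix and optional surrounding quotes
			// (handles URL=x, url='x' and url="x" without fixed offsets)
			url := strings.Trim(strings.TrimSpace(part[4:]), `'"`)
			return url, nil
		}
	}
	return "", nil
}
```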
Describe the use case of this feature:
Follow meta redirects like Burp Suite.
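
A client that follows meta redirects also has to decide which extracted targets are safe to request. The sketch below is an added example, not code from the issue or from retryablehttp-go; `nextMetaHop` and `maxMetaHops` are hypothetical names. It resolves a relative target against the page URL, accepts only http/https, and stops on loops or long chains.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
)

// maxMetaHops is an assumed cap, in the spirit of the limit clients put on 3xx chains.
const maxMetaHops = 5

// nextMetaHop resolves target (the URL taken from a meta refresh tag) against
// the URL of the page that contained it. It rejects non-HTTP schemes, URLs
// already in visited, and chains that have reached maxMetaHops.
func nextMetaHop(current, target string, visited map[string]bool) (string, error) {
	if len(visited) >= maxMetaHops {
		return "", errors.New("too many meta redirects")
	}
	base, err := url.Parse(current)
	if err != nil {
		return "", err
	}
	ref, err := url.Parse(target)
	if err != nil {
		return "", err
	}
	next := base.ResolveReference(ref) // handles relative targets such as "/login"
	if next.Scheme != "http" && next.Scheme != "https" {
		return "", fmt.Errorf("refusing scheme %q", next.Scheme)
	}
	next.Fragment = "" // fragments never reach the server, so ignore them for loop checks
	if visited[next.String()] {
		return "", errors.New("meta redirect loop")
	}
	visited[next.String()] = true
	return next.String(), nil
}

func main() {
	// Constructed inputs: a relative target, a non-HTTP scheme, and a loop.
	visited := map[string]bool{"https://example.com/a": true}
	for _, target := range []string{"/b?x=1", "javascript:void(0)", "https://example.com/a"} {
		next, err := nextMetaHop("https://example.com/a", target, visited)
		fmt.Printf("%-24q -> %q err=%v\n", target, next, err)
	}
}
```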