Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[http_fuzz] Accept-Encoding header will result in content not being decoded #88

Open
laxa opened this issue Apr 24, 2018 · 5 comments
Open

[http_fuzz] Accept-Encoding header will result in content not being decoded #88

laxa opened this issue Apr 24, 2018 · 5 comments

Comments

@laxa
Copy link
Contributor

laxa commented Apr 24, 2018

How to reproduce:

patator http_fuzz url=https://www.google.fr/ header='Accept-Encoding: gzip' -l log ; cat log/1_*

Then, the content of the response (not the headers) is not uncompressed.
This behavior is due to the use of the DEBUGFUNCTION callback rather than the WRITEDATA or WRITEFUNCTION that are not affected by this issue.
I don't actually know if this behavior is intended for the pycurl library...
@lanjelot
Copy link
Owner

Are you saying you would like Patator to gzip-decode the HTTP response when you are specifically passing Accept-Encoding: gzip ?

@laxa
Copy link
Contributor Author

laxa commented Apr 25, 2018

I am just saying that the intended behavior is not what's happening in this case.
I simplified the case but I encountered this problem when using raw_request with Accept-Encoding headers. I don't actually know why patator uses the DEBUGFUNCTION but I guess the more straightforward fix would be to use the WRITEDATA or WRITEFUNCTION.
My overall idea would be that this behavior does not happen, I guess stripping this header would also make sense.

@lanjelot
Copy link
Owner

Patator uses DEBUGFUNCTION in order to log both the request and response, whereas WRITEDATA would only log the response.

Also even if Patator used WRITEDATA, sending Accept-Encoding: gzip will result in the response being gzip-encoded so I'm not sure why you suggest using WRITEDATA at all but maybe I'm missing something.

import pycurl                                              
from StringIO import StringIO                              

buffer = StringIO()                                        
c = pycurl.Curl()                                          
c.setopt(c.URL, 'http://pycurl.io/')                       
c.setopt(c.HTTPHEADER, [('Accept-Encoding: gzip'),])       
c.setopt(c.WRITEDATA, buffer)                              
c.perform()                                                
c.close()                                                  

body = buffer.getvalue()                                                                                     
print('%r' % body)

@lanjelot
Copy link
Owner

Also, I'm not too sure about stripping the header on behalf of the user. It may confuse him/her too if for example they are surprised not to receive a encoded response. I tend to prefer letting the user understand what they are actually doing instead of doing it for them.

laxa added a commit to laxa/patator that referenced this issue May 9, 2018
@laxa
Fix issue lanjelot#88
ae6b89c
@laxa
Copy link
Contributor Author

laxa commented May 9, 2018
edited
Loading

Here is a PR that should fix this issue. Maybe I should add a warning in case the Accept-Encoding contains a value that is not correctly handled by pycurl ?

@laxa laxa mentioned this issue May 9, 2018
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lanjelot @laxa