search

0140454 / hackbar

A browser extension for Penetration Testing
444 stars 62 forks source link

POST submission data error #4

Closed chixiaome closed 3 years ago

chixiaome commented 4 years ago

During the wide byte injection process, submitting% df in the POST parameter will cause an error. Please tell me how to solve this problem.It will prompt me URI malformed. image

0140454 commented 4 years ago

Thanks for your report.

Since HackBar uses decodeURIComponent when rebuilding form to be sent, it will throw an error when you use wide byte.

Possible solution is using the processing logic of application/json enctype.

  1. Split A=%df'&B=Hello into two part A=%df'&B and Hello.
  2. Construct a text/plain form with a input whose name is A=... and value is He....
  3. After submitting this form, overwrite content-type header with application/x-www-form-urlencoded in background page.

I may publish a new version in the next few days. If you cannot wait the release, you can modify code according to the above description.

0140454 commented 4 years ago

Need another solution

0140454 commented 3 years ago

New enctype for raw data is added in commit f014baea1d14063dafd1a73eea3df277d191171a.