OJ / gobuster

Directory/File, DNS and VHost busting tool written in Go
Apache License 2.0

When following redirects, status codes of discovered pages are incorrectly logged #16

Closed knapsy closed 8 years ago

knapsy commented 8 years ago

When running the tool in "dir" mode with "-r" option to follow redirects, status codes of discovered pages are always logged as "OK" (200).

Example:

  1. Initial request results in redirect (302)
  2. The target of redirection is "Not Found" (404)
  3. The target is logged by gobuster as "OK" (200)

OJ commented 8 years ago

Thanks for the report @knapsy !

OJ commented 8 years ago

Haven't forgotten about this @knapsy, I hope to get to it soon.

OJ commented 8 years ago

I'm not seeing this behaviour at all mate. When a 302 directs to a page that gets 404, I'm seeing this:

=====================================================
Gobuster v1.0 (DIR support by OJ Reeves @TheColonial)
              (DNS support by Peleus     @0x42424242)
=====================================================
[+] Mode         : dir
[+] Url/Domain   : https://httpbin.org/
[+] Threads      : 10
[+] Wordlist     : /tmp/urls.txt
[+] Status codes : 200,204,301,302,307
[+] Follow Redir : true
[+] Verbose      : true
=====================================================
Missed: /redirect-to?url=https://httpbin.org/NOTFOUND (Status: 404)
=====================================================

My guess is that your target site returns a 200 status code even if the markup says Not found in it.
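
The two cases discussed in this thread, reproduced against a local test server (an added example, not part of the original thread and not gobuster's own code). The server routes and the `newTarget` and `probe` names are constructed for illustration; the sketch shows which status code a Go `http.Client` reports with and without redirect following, including a "soft 404" target that answers 200.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// newTarget builds a constructed local test server (not a real site).
func newTarget() *httptest.Server {
	mux := http.NewServeMux()
	mux.HandleFunc("/old", func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/missing", http.StatusFound) // target is a real 404
	})
	mux.HandleFunc("/moved", func(w http.ResponseWriter, r *http.Request) {
		http.Redirect(w, r, "/soft404", http.StatusFound) // target is a soft 404
	})
	mux.HandleFunc("/soft404", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "<h1>Not Found</h1>") // error markup, implicit 200 status
	})
	return httptest.NewServer(mux)
}

// probe returns the status code a scanner would log for path. With
// follow=false the client stops at the first response (the 302 itself).
func probe(base, path string, follow bool) (int, error) {
	client := &http.Client{}
	if !follow {
		client.CheckRedirect = func(*http.Request, []*http.Request) error {
			return http.ErrUseLastResponse
		}
	}
	resp, err := client.Get(base + path)
	if err != nil {
		return 0, err
	}
	defer resp.Body.Close()
	return resp.StatusCode, nil
}

func main() {
	srv := newTarget()
	defer srv.Close()
	for _, p := range []string{"/old", "/moved"} {
		direct, _ := probe(srv.URL, p, false)
		final, _ := probe(srv.URL, p, true)
		fmt.Printf("%-6s no-follow=%d follow=%d\n", p, direct, final)
	}
}
```

When following redirects, only the final response's status is visible to the caller, so a soft 404 behind a 302 can only be told apart from a real hit by inspecting the body or comparing against a known-missing path.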

knapsy commented 8 years ago

Thanks for looking into this! Let me go back to my logs and investigate further (can't recall exact behavior now) - will keep you posted.

OJ commented 8 years ago

Got any news on this @knapsy ?

OJ commented 8 years ago

Sorry mate, going to close this. I can't repro, and you be silent!