bogdanfinn / tls-client

net/http.Client like HTTP Client with options to select specific client TLS Fingerprints to use for requests.
BSD 4-Clause "Original" or "Old" License

[Bug]: Protobuf replies have weird bytes #99

Closed AlexPaiva closed 5 months ago

AlexPaiva commented 5 months ago

TLS client version

Latest

System information

Linux

Issue description

Protobuf replies have extra bytes added/messed with, so the reply is no longer valid to be decoded with the expected .proto file decoder. It works fine when used with httpx or requests on Python.

Steps to reproduce / Code Sample

Create a .proto file and send a request to a server that expects it to be serialized with it. The server serializes its response and sends it back. When you decode it with the .proto file, it works if you use httpx/requests, but if you use tls-client the bytes don't match and/or the hex doesn't match, and it's not valid.

bogdanfinn commented 5 months ago

@AlexPaiva could you maybe please add some code to reproduce / debug this issue? I do not work with protobuf currently and I would need to write a PoC for that. Maybe it's easier when you provide some quick PoC?

shellcmd89 commented 5 months ago

Same issue. I had sent a friend request in Discord, wish I can provide some useful information for you. @bogdanfinn

AlexPaiva commented 5 months ago

Fixed by pip install --upgrade protobuf, as for some reason it was an older version. When installing the protoc compiler to transform .proto into .py, you need to download the latest release from here: https://github.com/protocolbuffers/protobuf/releases

reversecoderslab commented 17 hours ago

Bug already exists. Extra bytes in Protobuf are still added also on latest release version.

reversecoderslab commented 17 hours ago

As you can see:


Death bytes 'efbfbd' still in response hex included.
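The bytes `efbfbd` are the UTF-8 encoding of U+FFFD, the Unicode replacement character, which appears when binary data is passed through a text decode. The following is an added example, not code from this thread or from tls-client: it shows one way a binary protobuf body can pick up those bytes (carried as a JSON string, which Go's `encoding/json` coerces to valid UTF-8) next to a base64 transport that preserves it. That the body crosses such a boundary in the reporters' setup is an assumption; the function names and the sample message are constructed for illustration.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"fmt"
)

// replacementChar is U+FFFD encoded as UTF-8 (hex efbfbd).
var replacementChar = []byte{0xEF, 0xBF, 0xBD}

// roundTrip sends s across a JSON boundary as a string field and returns
// what the receiving side decodes. Hypothetical helper for this example.
func roundTrip(s string) (string, error) {
	enc, err := json.Marshal(map[string]string{"body": s})
	if err != nil {
		return "", err
	}
	var out map[string]string
	err = json.Unmarshal(enc, &out)
	return out["body"], err
}

// viaJSONString carries the raw body as a JSON string. encoding/json replaces
// every byte that is not valid UTF-8 with U+FFFD, so binary data is corrupted.
func viaJSONString(body []byte) ([]byte, error) {
	s, err := roundTrip(string(body))
	return []byte(s), err
}

// viaBase64 carries the same body base64-encoded, which is pure ASCII and
// survives the JSON boundary byte for byte.
func viaBase64(body []byte) ([]byte, error) {
	s, err := roundTrip(base64.StdEncoding.EncodeToString(body))
	if err != nil {
		return nil, err
	}
	return base64.StdEncoding.DecodeString(s)
}

// countReplacement reports how many efbfbd sequences a body contains.
func countReplacement(b []byte) int { return bytes.Count(b, replacementChar) }

func main() {
	// Constructed protobuf message: field 1 = varint 300, field 2 = bytes ff fe.
	msg := []byte{0x08, 0xAC, 0x02, 0x12, 0x02, 0xFF, 0xFE}
	lossy, _ := viaJSONString(msg)
	clean, _ := viaBase64(msg)
	fmt.Println(hex.EncodeToString(lossy), countReplacement(lossy))
	fmt.Println(hex.EncodeToString(clean), countReplacement(clean))
}
```

A response whose hex contains `efbfbd` where the same request through another client does not has already lost the original bytes at that position, so the fix has to be made where the body is converted to text, not in the protobuf decoder.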