[Bug] Encoding Problem: \xA0 will be encoded into \xc2\xa0

defparam / smuggler

Smuggler - An HTTP Request Smuggling / Desync testing tool written in Python 3

MIT License

1.81k stars 292 forks source link

[Bug] Encoding Problem: \xA0 will be encoded into \xc2\xa0 #12

Open domitoris opened 4 years ago

domitoris commented 4 years ago

Your code encode string into utf-8 bytes. But when "endspace-a0" is sent, utf-8 encoding encode \xA0 into \xc2\xa0. So, it will probably result in incorrect diagnosis

therefore, I suggest you that fix the below code into plain text because HTTP protocol sends a plain text.

https://github.com/defparam/smuggler/blob/7084d634976674150456d03d42c96cef3fdb3028/smuggler.py#L60

Suggestion:

web.send(str(payload_obj))

defparam commented 4 years ago

Thank you, yes the encodings in this tool need to be fixed so they aren't converting raw payload to UTF-8-style characters