hahwul / dalfox

🌙🦊 Dalfox is a powerful open-source XSS scanner and utility focused on automation.
https://dalfox.hahwul.com
MIT License

malformed HTTP version "HTTP/2" when using rxss mode #405

Open fuomag9 opened 2 years ago

fuomag9 commented 2 years ago

Describe the bug

When using rxss mode and parsing a Burp request file via the --cookie-from-raw option, dalfox will error out with malformed HTTP version "HTTP/2" if the request contains HTTP/2 instead of HTTP/1.1.

Suggested fix is to allow parsing of HTTP/2 as well (it should not change anything in the request format regarding cookies).

Environment

hahwul commented 1 year ago

Hi @fuomag9, this problem occurs because the http library itself used by dalfox is based on HTTP/1.1. It can be solved with HTTP2 support, but it's on hold because it's bigger than I thought 😭
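
Added example (not dalfox code and not written by either commenter): a reproduction of the reported error with Go's net/http.ReadRequest, plus a request-line rewrite that lets the cookies be read from the same file. It assumes the raw file is parsed with net/http's HTTP/1.x reader; the sample request and the normalizeRequestLine helper are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"net/http"
	"strings"
)

// Constructed sample: a request saved from Burp for an HTTP/2 target.
const rawBurpRequest = "GET /search?q=test HTTP/2\r\n" +
	"Host: example.com\r\n" +
	"Cookie: session=abc123; theme=dark\r\n\r\n"

// normalizeRequestLine (hypothetical helper) rewrites a request line that ends
// in "HTTP/2" to "HTTP/1.1". Only the first line is touched; headers are kept.
func normalizeRequestLine(raw string) string {
	parts := strings.SplitN(raw, "\n", 2)
	line := strings.TrimSuffix(parts[0], "\r")
	if strings.HasSuffix(line, " HTTP/2") {
		line = strings.TrimSuffix(line, " HTTP/2") + " HTTP/1.1"
	}
	if len(parts) == 1 {
		return line
	}
	return line + "\r\n" + parts[1]
}

// cookiesFromRaw parses a raw request with net/http's HTTP/1.x reader and
// returns its cookies as name -> value.
func cookiesFromRaw(raw string) (map[string]string, error) {
	req, err := http.ReadRequest(bufio.NewReader(strings.NewReader(raw)))
	if err != nil {
		return nil, err
	}
	cookies := make(map[string]string)
	for _, c := range req.Cookies() {
		cookies[c.Name] = c.Value
	}
	return cookies, nil
}

func main() {
	_, err := cookiesFromRaw(rawBurpRequest)
	fmt.Println("unmodified:", err)
	cookies, err := cookiesFromRaw(normalizeRequestLine(rawBurpRequest))
	fmt.Println("normalized:", cookies, err)
}
```

The same rewrite can be applied by hand to the saved request file before passing it to --cookie-from-raw.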