search

lwthiker / curl-impersonate

curl-impersonate: A special build of curl that can impersonate Chrome & Firefox
MIT License
3.63k stars 238 forks source link

passing JSON data yields error: bad/illegal format #39

Closed sjvrensburg closed 2 years ago

sjvrensburg commented 2 years ago

Issue

The following command in curl works:

curl -X POST -H "Content-Type: application/json" -d '{"email": "bored@work.com", "password": "password", "detail": "Whats_This"}' https://dangerous.url/cgi-bin/sharept-nextz.php

The same command with curl_ff91esr does not:

curl_ff91esr -X POST -H "Content-Type: application/json" -d '{"email": "bored@work.com", "password": "password", "detail": "Whats_This"}' https://dangerous.url/cgi-bin/sharept-nextz.php

Issuing the above command results in the following error:

curl: (6) Could not resolve host: application
curl: (6) Could not resolve host: work.com",
curl: (3) URL using bad/illegal format or missing URL
curl: (6) Could not resolve host: "password",
curl: (3) URL using bad/illegal format or missing URL
curl: (3) unmatched close brace/bracket in URL position 13:
"Whats_This"}

I get a similar error if I use curl_ff95. Seems like it isn't parsing the HTTP POST data string correctly. I cannot, unfortunately, test this using the Chrome version since it fails to compile on my system.

Additional Details

I am using the curl-impersonate AUR package. The out from curl_ff91esr -V is:

curl 7.81.0 (x86_64-pc-linux-gnu) libcurl/7.81.0 NSS/3.74 zlib/1.2.12 brotli/1.0.9 zstd/1.5.2 libidn2/2.3.2 libpsl/0.21.1 (+libidn2/2.3.0) nghttp2/1.46.0 librtmp/2.3 OpenLDAP/2.6.1
Release-Date: 2022-01-05
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtmp rtsp smb smbs smtp smtps telnet tftp 
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTPS-proxy IDN IPv6 Largefile libz NTLM NTLM_WB PSL SSL UnixSockets zstd

Please note that the URL is fictitious. I don't want to share the URL publically since it is associated with a phishing campaign.

lwthiker commented 2 years ago

Hi,

It works when I run it. Seems similar to a bug that was resolved in https://github.com/lwthiker/curl-impersonate/pull/19. Maybe you are using an outdated version?

This is what I ran:

docker run --rm lwthiker/curl-impersonate:0.3-ff curl_ff91esr  -X POST -H "Content-Type: application/json" -d '{"email": "bored@work.com", "password": "password", "detail": "Whats_This"}' https://lwthiker.com
sjvrensburg commented 2 years ago

Thank you. Yes, an updated version of curl-impersonate was pushed to AUR in the last few hours and it has fixed the issue.