takeshixx / tools

Helper tools and snippets for various tasks.

[http_server] Verbose logging and POST method support for http_server [feature-request] #1

Open defec8edc0de opened 4 years ago

defec8edc0de commented 4 years ago

Hello fine Sir,

I tried out your http_server go script and enjoy it very much. However, I am missing an argument to instruct the server to log more verbose information about incoming requests to the stdout (or a file), which would come in handy for common pentesting data exfiltration tasks. Furthermore it would be nice if it supports all HTTP methods, including POST.

Thank you very much good Sir.

takeshixx commented 4 years ago

a5a0c3101b1bebbe58bbd0751e6d432baec103fa introduces a -log option that logs the full requests and response bodies. An additional option -log-resp-body is also available, that also prints the response bodies. I kept that separated to prevent unintentional spamming of binary data.

Regarding the HTTP methods: what's the behavior you have in mind? So that all paths support arbitrary HTTP methods and handle all as GET requests? Or just on the root path /?

defec8edc0de commented 4 years ago

> So that all paths support arbitrary HTTP methods and handle all as GET requests?

Exactly, and also the body is stored/logged for arbitrary HTTP methods when the server is started with -log-resp-body.

Thank you so much Sir.

sfunkernw commented 4 years ago

As this issue is not closed yet, can I also request another change for the http_server log output? It would be nice, if also the source IP of the incoming HTTP request could be logged in the stdout:

Here is the current state:

klabusterbaer@klabusterbaum:/$ firefox https://klabusterwald.de:8443

klabusterbaer@klabusterwaldfoerster:/var/www/klabusterwald$ http_server -port 8443 -no-auth -log -ssl-cert ../certificate.crt -ssl-key ../private.key
2020/09/11 13:45:52 Using root directory: /var/www/klabusterwald
2020/09/11 13:45:52 Listening on socket: 0.0.0.0:8443
2020/09/11 13:45:56 ===REQUEST===
GET / HTTP/2.0
Host: klabusterwald.de:8443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: de,en-US;q=0.7,en;q=0.3
Dnt: 1
If-Modified-Since: Fri, 11 Sep 2020 11:18:15 GMT
Te: trailers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0

===RESPONSE===
HTTP/1.1 304 Not Modified
Connection: close

Here is the expected state:

klabusterbaer@klabusterbaum:/$ firefox https://klabusterwald.de:8443

klabusterbaer@klabusterwaldfoerster:/var/www/klabusterwald$ http_server -port 8443 -no-auth -log -ssl-cert ../certificate.crt -ssl-key ../private.key
2020/09/11 13:45:52 Using root directory: /var/www/klabusterwald
2020/09/11 13:45:52 Listening on socket: 0.0.0.0:8443
2020/09/11 13:45:56 HTTP request from 151.199.53.145
===REQUEST===
GET / HTTP/2.0
Host: klabusterwald.de:8443
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Encoding: gzip, deflate, br
Accept-Language: de,en-US;q=0.7,en;q=0.3
Dnt: 1
If-Modified-Since: Fri, 11 Sep 2020 11:18:15 GMT
Te: trailers
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:80.0) Gecko/20100101 Firefox/80.0

===RESPONSE===
HTTP/1.1 304 Not Modified
Connection: close

takeshixx commented 4 years ago

Added RemoteAddr to logs in c605711221ebe62aeec9714a09eaf032024dbf56 (sorry for the delay :sweat_smile:).
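
The logging discussed in this thread (full request dump, any HTTP method, source IP first), sketched as an added example that is not the http_server code from this repository. The names formatRequest, logRequests and maxLoggedBody, the 64 KiB cap and the listen address are assumptions; the log layout follows the "expected state" shown above.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"net/http/httputil"
)

// maxLoggedBody is an assumed cap on request-body bytes accepted and logged.
const maxLoggedBody = 64 << 10

// formatRequest builds one log entry: the source IP, then the raw request.
// r.RemoteAddr is the TCP peer, so behind a reverse proxy it is the proxy's address.
func formatRequest(w http.ResponseWriter, r *http.Request) string {
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		host = r.RemoteAddr // not in host:port form, log it verbatim
	}
	r.Body = http.MaxBytesReader(w, r.Body, maxLoggedBody)
	// DumpRequest buffers the body and puts a readable copy back on r.Body.
	dump, err := httputil.DumpRequest(r, true)
	note := ""
	if err != nil {
		// Oversized or unreadable body: log the request line and headers only.
		dump, _ = httputil.DumpRequest(r, false)
		note = "[body not logged: " + err.Error() + "]\n"
	}
	return fmt.Sprintf("HTTP request from %s\n===REQUEST===\n%s%s", host, dump, note)
}

// logRequests logs every request, whatever its method, then calls next.
func logRequests(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		log.Print(formatRequest(w, r))
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed setup: serve the current directory on loopback only.
	files := http.FileServer(http.Dir("."))
	log.Fatal(http.ListenAndServe("127.0.0.1:8080", logRequests(files)))
}
```

Everything after the source IP in an entry is client-controlled, so a request body can contain lines that mimic the `===REQUEST===` marker; treat the log as untrusted input when parsing it.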