Merge pull request #33 from skelsec/master

Fixing HTTP header issue
2025-08-20 05:13:34 -07:00 · 2017-02-09 22:40:28 +01:00 · 2017-02-09 22:40:28 +01:00 · 5f59f2934e
commit 5f59f2934e
parent 0ede767d95 225857b6ed
2 changed files with 32 additions and 31 deletions
--- a/Responder.py
+++ b/Responder.py
@ -239,7 +239,7 @@ def main():

 		if settings.Config.SSL_On_Off:
 			from servers.HTTP import HTTPS
-			threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTPS,)))
+			threads.append(Thread(target=serve_thread_SSL, args=('', 443, HTTP,)))

 		if settings.Config.WPAD_On_Off:
 			from servers.HTTP_Proxy import HTTP_Proxy
--- a/servers/HTTP.py
+++ b/servers/HTTP.py
@ -266,46 +266,47 @@ class HTTP(BaseRequestHandler):

 	def handle(self):
 		try:
-                        Challenge = RandomChallenge()
-                	for x in range(2):   
+			Challenge = RandomChallenge()
+			
+			while True:
 				self.request.settimeout(3)
-				data = self.request.recv(8092)
+				remaining = 10*1024*1024 #setting max recieve size
+				data = ''
+				while True:
+					buff = ''
+					buff = self.request.recv(8092)
+					if buff == '':
+						break
+					data += buff
+					remaining -= len(buff)
+					if remaining <= 0:
+						break
+					#check if we recieved the full header
+					if data.find('\r\n\r\n') != -1: 
+						#we did, now to check if there was anything else in the request besides the header
+						if data.find('Content-Length') == -1:
+							#request contains only header
+							break
+					else:
+						#searching for that content-length field in the header
+						for line in data.split('\r\n'):
+							if line.find('Content-Length') != -1:
+								line = line.strip()
+								remaining = int(line.split(':')[1].strip()) - len(data)
+			
+				#now the data variable has the full request
 				Buffer = WpadCustom(data, self.client_address[0])

 				if Buffer and settings.Config.Force_WPAD_Auth == False:
 					self.request.send(Buffer)
-                                        self.request.close()
+					self.request.close()
 					if settings.Config.Verbose:
 						print text("[HTTP] WPAD (no auth) file sent to %s" % self.client_address[0])

 				else:
 					Buffer = PacketSequence(data,self.client_address[0], Challenge)
 					self.request.send(Buffer)
+		
 		except socket.error:
 			pass
-
-# HTTPS Server class
-class HTTPS(StreamRequestHandler):
-	def setup(self):
-		self.exchange = self.request
-		self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
-		self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)
-
-	def handle(self):
-		try:
-                        Challenge = RandomChallenge()
-			data = self.exchange.recv(8092)
-			self.exchange.settimeout(0.5)
-			Buffer = WpadCustom(data,self.client_address[0])
-				
-			if Buffer and settings.Config.Force_WPAD_Auth == False:
-				self.exchange.send(Buffer)
-				if settings.Config.Verbose:
-					print text("[HTTPS] WPAD (no auth) file sent to %s" % self.client_address[0])
-
-			else:
-				Buffer = PacketSequence(data,self.client_address[0], Challenge)
-				self.exchange.send(Buffer)
-		except:
-			pass
-
+