fix

CHANGES

@@ -2,7 +2,7 @@ Changelog for hydra
 -------------------
 
 Release 8.6-dev
-* ...
+* http-form module now supports URLs up to 6000 bytes (thanks to petrock6@github for the patch)
 
 
 Release 8.5

hydra-http-form.c

@@ -454,6 +454,8 @@ char *html_encode(char *string) {
     ret = hydra_strrep(ret, "&", "%26");
   if (index(ret, '#') != NULL)
     ret = hydra_strrep(ret, "#", "%23");
+  if (index(ret, '=') != NULL)
+    ret = hydra_strrep(ret, "=", "%3D");
 
   return ret;
 }

hydra-mod.c

@@ -1043,8 +1043,8 @@ char *hydra_strrep(char *string, char *oldpiece, char *newpiece) {
   char *c, oldstring[6096], newstring[6096]; //updated due to issue 192 on github.
   static char finalstring[6096];
 
-  if(strlen(string) > 6096) {
-    hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6096 characters.\n");
+  if(strlen(string) > 6000) {
+    hydra_report(stderr, "[ERROR] Supplied URL or POST data too large. Max limit is 6000 characters.\n");
     exit(-1);
   }
 

hydra.c

@@ -3284,7 +3284,7 @@ int main(int argc, char *argv[]) {
       if (strstr(hydra_options.miscptr, "\\:") != NULL) {
         fprintf(stderr, "[INFORMATION] escape sequence \\: detected in module option, no parameter verification is performed.\n");
       } else {
-        sprintf(bufferurl, "%.6096s", hydra_options.miscptr);
+        sprintf(bufferurl, "%.6000s", hydra_options.miscptr);
         url = strtok(bufferurl, ":");
         variables = strtok(NULL, ":");
         cond = strtok(NULL, ":");