From a2d47904d55592717c515f2f12f6740837766cdc Mon Sep 17 00:00:00 2001 From: van Hauser Date: Wed, 15 Jul 2015 23:17:29 +0200 Subject: [PATCH] HTTP Form redirect following fix --- CHANGES | 1 + hydra-http-form.c | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/CHANGES b/CHANGES index 8a072af..092acc0 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,7 @@ Release 8.2-pre * Added new -O option to hydra to support SSL servers that do not suport TLS * Added xhydra gtk patche by Petar Kaleychev to support modules that do not use usernames * Added patch to redis for initial service checking by Petar Kaleychev - thanks a lot! +* Fixed bug in HTTP Form redirection following - thanks for everyone who reported and especially to Hayden Young for setting up a test page for debugging * Better library finding in ./configure for SVN + support for Darwin Homebrew (and further enhanced) * Fixed http-form module crash that only occurs on *BSD/OSX systems. Thanks to zdk for reporting! * Fixed for SSL connection to support TLSv1.2 etc. diff --git a/hydra-http-form.c b/hydra-http-form.c index 2f634aa..1c08148 100644 --- a/hydra-http-form.c +++ b/hydra-http-form.c @@ -368,6 +368,7 @@ char *stringify_headers(ptr_header_node * ptr_head) { return headers_str; } + char *prepare_http_request(char *type, char *path, char *params, char *headers) { unsigned int reqlen = 0; char *http_request = NULL; @@ -619,6 +620,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); @@ -665,6 +668,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); @@ -709,6 +714,8 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (hydra_send(s, http_request, strlen(http_request), 0) < 0) return 1; } else { + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); cookie_header = stringify_cookies(ptr_cookie); if (!header_exists(&ptr_head, "Cookie", HEADER_TYPE_DEFAULT)) add_header(&ptr_head, "Cookie", cookie_header, HEADER_TYPE_DEFAULT); @@ -818,6 +825,9 @@ int start_http_form(int s, char *ip, int port, unsigned char options, char *misc if (verbose) hydra_report(stderr, "[VERBOSE] Page redirected to http://%s%s\n", str2, str3); + if (header_exists(&ptr_head, "Content-Length", HEADER_TYPE_DEFAULT)) + hdrrepv(&ptr_head, "Content-Length", "0"); + //re-use the code above to check for proxy use if (use_proxy == 1 && proxy_authentication != NULL) { // proxy with authentication