Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

UX: confusing message on remote HTTP Error 400: Bad Request error #48

Open
moaeddy opened this issue Jan 18, 2018 · 4 comments
Open

UX: confusing message on remote HTTP Error 400: Bad Request error #48

moaeddy opened this issue Jan 18, 2018 · 4 comments
Labels
to be documented user experience impacts user experience or something is confusing to newcommers
Milestone
Release 3.1

Comments

@moaeddy
Copy link

moaeddy commented Jan 18, 2018

i keep getting error when i tried using UPLOAD syntax

-] HTTP Error 400: Bad Request
[-] upload: Python runtime error (exception occured):
[!] Request Error: Communication with the server impossible
@nil0x42
Copy link
Owner

nil0x42 commented Jan 19, 2018

So, this error comonly happens when the target server doesn't support payloads sent by phpsploit.
most of the time, the server only accepts requests with no more than N headers (10, for example), or headers size is limited on server-side.

The upload command sends and encoded version of the WHOLE file, so it is more likely to raise an error because sent payload exeeds some limit.

The simplest way to fix this is by setting REQ_DEFAULT_METHOD to POST instead of GET:

> set REQ_DEFAULT_METHOD "POST"

this fixes the issue on most cases because web servers tend to accept much larger POST requests than GET, if the issue persists, maybe the servers can't handle POST requests above a certain threshold, which you can settle by changing REQ_MAX_POST_SIZE.

If you want to keep using GET requests (as they tend to be more stealth), you can settle the values of the following variables:

  • REQ_MAX_HEADERS
  • REQ_MAX_HEADER_SIZE

NOTE: you can easily get help on settings, and the purpose of each setting using the help command:

general help about features of the set command:

> help set

get informations about a specific setting, REQ_DEFAULT_METHOD in this example:

> help set REQ_DEFAULT_METHOD

list settings (and their current values):

> set

list all setting who start with 'REQ_'

> set REQ_

If the problem persists after properly settling your settings, they are other very rare and specific case which we can discuss later.

@moaeddy
Copy link
Author

moaeddy commented Jan 19, 2018

thanks that fix it for me, is it possible to run a file on remove PC? assuming file already exist and you want it executed

@nil0x42
Copy link
Owner

nil0x42 commented Jan 19, 2018

Hi, i recommend you to use the help command, if you are already connected to a remove server with phpsploit, the help for plugins will appear.
For your case, i'd use the run command (which will of course only be available if the user running php has execution permission)

@nil0x42 nil0x42 closed this as completed Aug 8, 2018
@nil0x42
Copy link
Owner

nil0x42 commented Feb 20, 2019

Update: this issue in an indicator of confusing error message.
Re-opening to keep track of the need to add an error message with recomendations on settling REQ_* settings when a Error 400: Bad Request appears.

@nil0x42 nil0x42 reopened this Feb 20, 2019
@nil0x42 nil0x42 added this to the Release 3.1 milestone Feb 20, 2019
@nil0x42 nil0x42 added to be documented user experience impacts user experience or something is confusing to newcommers labels Feb 20, 2019
@nil0x42 nil0x42 changed the title Upload error UX: confusing message on remote HTTP Error 400: Bad Request error Feb 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
to be documented user experience impacts user experience or something is confusing to newcommers
Projects
None yet
Milestone
Release 3.1
Development

No branches or pull requests
2 participants
@nil0x42 @moaeddy