Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

same md5 response body hash for any host #1124

Closed
ehsandeep opened this issue Apr 30, 2023 · 1 comment · Fixed by projectdiscovery/utils#147
Closed

same md5 response body hash for any host #1124

ehsandeep opened this issue Apr 30, 2023 · 1 comment · Fixed by projectdiscovery/utils#147
Assignees
@Mzack9999
Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Milestone
httpx v1.3.1 (buf...

Comments

@ehsandeep
Copy link
Member

httpx version:

latest

Current Behavior:

md5 hash for any host is the same!

chaos -d hackerone.com | httpx -hash md5

http://a.ns.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://www.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
http://b.ns.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://mta-sts.forwarding.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://mta-sts.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://mta-sts.managed.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://api.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://gslink.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://support.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://docs.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]
https://resources.hackerone.com [d41d8cd98f00b204e9800998ecf8427e]

Expected Behavior:

Unique hash based on response.

Steps To Reproduce:

chaos -d hackerone.com | httpx -hash md5
@ehsandeep ehsandeep added the Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. label Apr 30, 2023
@Mzack9999 Mzack9999 self-assigned this May 7, 2023
@Mzack9999 Mzack9999 mentioned this issue May 7, 2023
Merged
@Mzack9999
Copy link
Member

Mzack9999 commented May 7, 2023
edited
Loading

All hashes calculation are affected as the body is always empty. Probably this is also the reason of other bugs related to body pattern extraction and elaboration.
Indirectly fixed by projectdiscovery/utils#147

$ go get -v github.com/projectdiscovery/utils@bugfix-resp-body
$ echo docs.hackerone.com | go run . -json | jq
...
"body_md5":"d0cacc366c04bd8d1a1d445f8cfa9b0d"
...

@Mzack9999 Mzack9999 added the Priority: High After critical issues are fixed, these should be dealt with before any further issues. label May 7, 2023
@ehsandeep ehsandeep added the Status: Review Needed The issue has a PR attached to it which needs to be reviewed label May 8, 2023
@ehsandeep ehsandeep added Status: Completed Nothing further to be done with this issue. Awaiting to be closed. and removed Status: Review Needed The issue has a PR attached to it which needs to be reviewed labels May 8, 2023
@ehsandeep ehsandeep added this to the httpx v1.3.1 (bufix release) milestone May 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Mzack9999 Mzack9999

Labels
Priority: High After critical issues are fixed, these should be dealt with before any further issues. Status: Completed Nothing further to be done with this issue. Awaiting to be closed. Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
httpx v1.3.1 (bufix release)
Development

Successfully merging a pull request may close this issue.

Fixing resp body reuse projectdiscovery/utils
2 participants
@ehsandeep @Mzack9999