JSshell
Large number of cookies exceeding the defined buffer size can crash the script
I recently discovered that if a target has a large number of cookies, the script doesn't handle it well and starts crashing. For instance, if an app has the following cookies set.
And if the client is listening for a connection on JSshell, the moment the target sends a large number of cookies the script will restart; refer to the screenshot below.
The reason why the above behavior is happening is because of the following lines of code.
    try:
        c, addr = s.accept()
        resp = c.recv(1024).decode()
    except KeyboardInterrupt:
        if sys.platform == 'win32':
            print('\nControl-C')
        exit()
    except:
        s.close()
        main()
In the above code, the buffer size for c.recv is hard coded to the value of 1024, so if a response is received that is greater than the buffer size the application throws an exception and starts the main() function again.
To tackle this problem I have introduced the -b flag, using which users can provide a custom buffer size if the target application is storing a large number of cookies.
It's still not working
The reason for this could be different payload lengths; 1024 defines the max buffer size, it does not define the starting and ending point of a payload.
1024 defines the max buffer size, it does not define the starting and ending point of a payload.
I know, but after the buffer is fully received, b in the next round will become an empty string and therefore the loop should break.
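The buffer-size discussion in this thread, as an added example that is not JSshell's code or part of any comment: a receive loop that treats the recv() size as a per-call limit, finds the end of the message from its framing, and caps the total it will buffer. It assumes the peer sends an HTTP-style message with a Content-Length header; recv_http_message, MessageTooLarge, demo and the sample request are hypothetical names and constructed data.

```python
import socket

HEADER_END = b"\r\n\r\n"

class MessageTooLarge(Exception):
    """The peer sent more than the caller is willing to buffer."""

def recv_http_message(conn, bufsize=1024, max_bytes=64 * 1024, timeout=5.0):
    """Read one HTTP-style message (headers, blank line, Content-Length body).
    bufsize only limits a single recv() call, never the whole message."""
    conn.settimeout(timeout)               # a silent peer must not hang us
    data = bytearray()
    while HEADER_END not in data:
        chunk = conn.recv(bufsize)         # 1..bufsize bytes; b"" only on close
        if not chunk:
            raise ConnectionError("peer closed before end of headers")
        data += chunk
        if len(data) > max_bytes:          # hard cap instead of unbounded growth
            raise MessageTooLarge(len(data))
    head, _, body = bytes(data).partition(HEADER_END)
    length = 0
    for line in head.split(b"\r\n")[1:]:   # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            length = int(value.strip())    # ValueError on a malformed header
    if length < 0:
        raise ValueError("negative Content-Length")
    if len(head) + len(HEADER_END) + length > max_bytes:
        raise MessageTooLarge(length)
    while len(body) < length:              # body bytes still in flight
        chunk = conn.recv(min(bufsize, length - len(body)))
        if not chunk:
            raise ConnectionError("peer closed before end of body")
        body += chunk
    return head.decode("latin-1"), body[:length]

def demo():
    """Constructed request whose Cookie header alone is larger than 1024 bytes."""
    sender, receiver = socket.socketpair()
    cookies = "; ".join(f"k{i}={'v' * 40}" for i in range(60))
    body = b"hello=world"
    request = (f"POST /x HTTP/1.1\r\nHost: example.test\r\nCookie: {cookies}\r\n"
               f"Content-Length: {len(body)}\r\n\r\n").encode() + body
    sender.sendall(request)                # sender stays open: no b"" will arrive
    try:
        head, got = recv_http_message(receiver)
    finally:
        sender.close()
        receiver.close()
    return len(request), head, got
```

In demo() the sending socket is still open when the message is returned, so the loop ends on the framing (blank line plus Content-Length) rather than on an empty read.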