[BUG] Replay Proxy Hanging - (workaround implemented 2.6.0)

[godylockz]

Not exactly sure what is going on here, but seems like the replay-proxy hangs if the method is POST as it works fine with GET

HTB Box: CrossfitTwo
Requires crossfit-club.htb in host file.

test.txt

signup
login

feroxbuster -u http://crossfit-club.htb/api/ -w test.txt -m POST -k --no-state --replay-proxy 127.0.0.1:8080 --replay-codes 200,301,302,401,403 -vvvv

Appears to be hanging in process_response of /src/event_handlers/outputs.rs

[epi052]

thankfully, this is an easy one.

in addition to -m POST, you need to add --data some-value . Burp gets upset at posts without a body (or at least the (lack of)body that gets produced by feroxbuster.

Might be good to dig a little at what the request looks like with -m POST and no --data to see where it's malformed/weird, and then fix it up when the user specifies a post request without data.

[epi052]

After much digging / dinking around with different reqwest settings, I'm at a loss for a fix that doesn't require setting an arbitrary body payload when one isn't provided. I filed an issue here to see if there's any help to be had.

[epi052]

Pending a better solution, when --proxy or --replay-proxy is used, and --method=POST and --data isn't used, then \r\n is appended to the request body as a (hopefully) temporary workaround.