-
-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Ffuf fails with zero-size responses #765
Comments
Hi @gnunez88, For the second question, please open another issue since those are different topics and a feature request. |
Hi @bsysop, I have removed the I'll DM you. |
@bsysop, sorry to bother you. How can I send you a message? I can only see you on X, but since I'm not verified I cannot message you. |
What is your X handler, so I can follow you? |
Edited: And yes, it is my handler, the ones I wanted there weren't available :-p. |
Followed |
Hello,
This is the second time I encounter this situation where I have to fuzz a RESTful API just to show a PoC and I find out
ffuf
fails to show the correct result.The thing is the API returns a JSON in the response body, but there is no
Content-Length
, which might be taken as0
, hence there is no way to filter the correct response because-fs
,-fw
,-fl
and-fs
seem to expect a non-zero body size.The problem is in the response, rather in the request, so it is not a
Content-Type
thing, as you see:I can sort this out proxying the traffic through BurpSuite, since it seems it does not rely on the
Content-Length
header:Thank you!
BTW, since
ffuf
has many options similar tocurl
, is it possible to specify files for POST requests? As you can see in the first image, I have to use"$(cat auth.login_with_options)"
, because-d @auth.login_with_options
would send one request with@auth.login_with_options
as the payload, instead of the contents of the file.The text was updated successfully, but these errors were encountered: