merged dev

Author: c-f

Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.16.6-alpine as build-env
+FROM golang:1.17.4-alpine as build-env
 RUN GO111MODULE=on go get -v github.com/projectdiscovery/simplehttpserver/cmd/simplehttpserver
 
 FROM alpine:latest

internal/runner/options.go

@@ -31,6 +31,8 @@ type Options struct {
 	Silent         bool
 	Sandbox        bool
 	MaxFileSize    int
+	HTTP1Only      bool
+	MaxDumpBodySize int
 }
 
 // ParseOptions parses the command line options for application
@@ -56,8 +58,9 @@ func ParseOptions() *Options {
 	flag.BoolVar(&options.Version, "version", false, "Show version of the software")
 	flag.BoolVar(&options.Silent, "silent", false, "Show only results in the output")
 	flag.BoolVar(&options.Sandbox, "sandbox", false, "Enable sandbox mode")
+	flag.BoolVar(&options.HTTP1Only, "http1", false, "Enable only HTTP1")
 	flag.IntVar(&options.MaxFileSize, "max-file-size", 50, "Max Upload File Size")
-
+	flag.IntVar(&options.MaxDumpBodySize, "max-dump-body-size", -1, "Max Dump Body Size")
 	flag.Parse()
 
 	// Read the inputs and configure the logging

internal/runner/runner.go

@@ -5,6 +5,7 @@ import (
 	"github.com/projectdiscovery/simplehttpserver/pkg/binder"
 	"github.com/projectdiscovery/simplehttpserver/pkg/httpserver"
 	"github.com/projectdiscovery/simplehttpserver/pkg/tcpserver"
+	"github.com/projectdiscovery/simplehttpserver/pkg/unit"
 )
 
 // Runner is a client for running the enumeration process.
@@ -59,6 +60,8 @@ func New(options *Options) (*Runner, error) {
 		Verbose:           r.options.Verbose,
 		Sandbox:           r.options.Sandbox,
 		MaxFileSize:       r.options.MaxFileSize,
+		HTTP1Only:         r.options.HTTP1Only,
+		MaxDumpBodySize:   unit.ToMb(r.options.MaxDumpBodySize),
 	})
 	if err != nil {
 		return nil, err

pkg/httpserver/httpserver.go

@@ -1,6 +1,7 @@
 package httpserver
 
 import (
+	"crypto/tls"
 	"errors"
 	"net/http"
 	"os"
@@ -23,7 +24,9 @@ type Options struct {
 	BasicAuthReal     string
 	Verbose           bool
 	Sandbox           bool
+	HTTP1Only         bool
 	MaxFileSize       int // 50Mb
+	MaxDumpBodySize   int64
 }
 
 // HTTPServer instance
@@ -77,9 +80,20 @@ func New(options *Options) (*HTTPServer, error) {
 	return &h, nil
 }
 
+func (t *HTTPServer) makeHTTPServer(tlsConfig *tls.Config) *http.Server {
+	httpServer := &http.Server{Addr: t.options.ListenAddress}
+	if t.options.HTTP1Only {
+		httpServer.TLSNextProto = make(map[string]func(*http.Server, *tls.Conn, http.Handler))
+	}
+	httpServer.TLSConfig = tlsConfig
+	httpServer.Handler = t.layers
+	return httpServer
+}
+
 // ListenAndServe requests over http
 func (t *HTTPServer) ListenAndServe() error {
-	return http.ListenAndServe(t.options.ListenAddress, t.layers)
+	httpServer := t.makeHTTPServer(nil)
+	return httpServer.ListenAndServe()
 }
 
 // ListenAndServeTLS requests over https
@@ -91,11 +105,7 @@ func (t *HTTPServer) ListenAndServeTLS() error {
 		if err != nil {
 			return err
 		}
-		httpServer := &http.Server{
-			Addr:      t.options.ListenAddress,
-			TLSConfig: tlsConfig,
-		}
-		httpServer.Handler = t.layers
+		httpServer := t.makeHTTPServer(tlsConfig)
 		return httpServer.ListenAndServeTLS("", "")
 	}
 	return http.ListenAndServeTLS(t.options.ListenAddress, t.options.Certificate, t.options.CertificateKey, t.layers)

pkg/httpserver/loglayer.go

@@ -14,35 +14,49 @@ var (
 	EnableVerbose bool
 )
 
+func (t *HTTPServer) shouldDumpBody(bodysize int64) bool {
+	return t.options.MaxDumpBodySize > 0 && bodysize > t.options.MaxDumpBodySize
+}
+
 func (t *HTTPServer) loglayer(handler http.Handler) http.Handler {
 	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
-		fullRequest, _ := httputil.DumpRequest(r, true)
-		lrw := newLoggingResponseWriter(w)
+		var fullRequest []byte
+		if t.shouldDumpBody(r.ContentLength) {
+			fullRequest, _ = httputil.DumpRequest(r, false)
+		} else {
+			fullRequest, _ = httputil.DumpRequest(r, true)
+		}
+		lrw := newLoggingResponseWriter(w, t.options.MaxDumpBodySize)
 		handler.ServeHTTP(lrw, r)
 
 		if EnableVerbose {
 			headers := new(bytes.Buffer)
 			lrw.Header().Write(headers) //nolint
 			gologger.Print().Msgf("\nRemote Address: %s\n%s\n%s %d %s\n%s\n%s\n", r.RemoteAddr, string(fullRequest), r.Proto, lrw.statusCode, http.StatusText(lrw.statusCode), headers.String(), string(lrw.Data))
 		} else {
-			gologger.Print().Msgf("%s \"%s %s %s\" %d %d", r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, len(lrw.Data))
+			gologger.Print().Msgf("%s \"%s %s %s\" %d %d", r.RemoteAddr, r.Method, r.URL, r.Proto, lrw.statusCode, lrw.Size)
 		}
 	})
 }
 
 type loggingResponseWriter struct {
 	http.ResponseWriter
-	statusCode int
-	Data       []byte
+	statusCode  int
+	Data        []byte
+	Size        int
+	MaxDumpSize int64
 }
 
-func newLoggingResponseWriter(w http.ResponseWriter) *loggingResponseWriter {
-	return &loggingResponseWriter{w, http.StatusOK, []byte{}}
+func newLoggingResponseWriter(w http.ResponseWriter, maxSize int64) *loggingResponseWriter {
+	return &loggingResponseWriter{w, http.StatusOK, []byte{}, 0, maxSize}
 }
 
 // Write the data
 func (lrw *loggingResponseWriter) Write(data []byte) (int, error) {
-	lrw.Data = append(lrw.Data, data...)
+	if len(lrw.Data) < int(lrw.MaxDumpSize) {
+		lrw.Data = append(lrw.Data, data...)
+	}
+	lrw.Size += len(data)
 	return lrw.ResponseWriter.Write(data)
 }
 

pkg/httpserver/uploadlayer.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/projectdiscovery/gologger"
+	"github.com/projectdiscovery/simplehttpserver/pkg/unit"
 )
 
 // uploadlayer handles PUT requests and save the file to disk
@@ -44,7 +45,7 @@ func (t *HTTPServer) uploadlayer(handler http.Handler) http.Handler {
 				err  error
 			)
 			if t.options.Sandbox {
-				maxFileSize := toMb(t.options.MaxFileSize)
+				maxFileSize := unit.ToMb(t.options.MaxFileSize)
 				// check header content length
 				if r.ContentLength > maxFileSize {
 					gologger.Print().Msg("request too large")

pkg/httpserver/util.go

@@ -0,0 +1,6 @@
+package unit
+
+// ToMb converts bytes to megabytes
+func ToMb(n int) int64 {
+	return int64(n) * 1024 * 1024
+}