Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

二进制流数据处理问题 #1442

Open
cgddgc opened this issue Feb 22, 2024 · 3 comments
Open

二进制流数据处理问题 #1442

cgddgc opened this issue Feb 22, 2024 · 3 comments

Comments

@cgddgc
Copy link

cgddgc commented Feb 22, 2024

对于在响应体中的二进制数据,没法像burp那样可以保存原始数据,保存下来的和真实原始数据不一样,建议像burp一样增加以16进制查看或者保存原始未经编码数据的功能
@rookieBC rookieBC added bug Something isn't working and removed bug Something isn't working labels Feb 23, 2024
@rookieBC
Copy link
Collaborator

师傅有具体一点的案例吗,我们测试过一些二进制文件,使用下载body功能是没有问题的

@cgddgc
Copy link
Author

cgddgc commented Feb 27, 2024

这个跟响应头有关,如果响应头content-type是application/octet-stream之类的就不会,但如果是text/html之类的就会,我是在测试传输java序列化数据的时候发现的,请求和响应都是java对象的序列化流,但是响应头content-type是text/html,有些服务器虽然响应头的content-type是text类型,但实际上是二进制数据,这种情况就会出现这个问题

@WAY29
Copy link
Collaborator

WAY29 commented Feb 29, 2024

大概清楚问题了,这是因为服务端错误地返回了一个Content-Type,而引擎会因此尝试识别并修复响应体的字符集,这个问题主要存在于响应体存在非UTF-8字符的情况下。

临时解决办法是开启WebFuzzer - Fuzzer 配置- 请求包配置 - 不修复长度这个功能:
image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cgddgc @WAY29 @rookieBC