Develop Reference

How to correctly send the request body?

I'm starting to work with fasthttp in Golang and I can't figure out how to send key:value format. In default net/http I did it via url.values. I would appreciate it if you could help me with some sample code!
Image from Burp Suite (How it must look like)
var client *fasthttp.Client
var headerContentTypeJson = []byte("application/json")
type loginData struct {
login string
pass string
}
func main() {
readTimeout, _ := time.ParseDuration("500ms")
writeTimeout, _ := time.ParseDuration("500ms")
maxIdleConnDuration, _ := time.ParseDuration("1h")
client = &fasthttp.Client{
ReadTimeout: readTimeout,
WriteTimeout: writeTimeout,
MaxIdleConnDuration: maxIdleConnDuration,
NoDefaultUserAgentHeader: true, //
DisableHeaderNamesNormalizing: true, //
DisablePathNormalizing: true,
Dial: (&fasthttp.TCPDialer{
Concurrency: 4096,
DNSCacheDuration: time.Hour,
}).Dial,
}
reqTimeout := time.Duration(100) * time.Millisecond
reqData := &loginData{
login: "login",
pass: "password",
}
reqDataByte, _ := json.Marshal(reqData)
req := fasthttp.AcquireRequest()
req.SetRequestURI("https://oskelly.ru/api/v2/account/rawauth")
req.Header.SetMethod(fasthttp.MethodPost)
req.Header.SetContentTypeBytes(headerContentTypeJson)
req.SetBodyRaw(reqDataByte)
resp := fasthttp.AcquireResponse()
err := client.DoTimeout(req, resp, reqTimeout)
fasthttp.ReleaseRequest(req)
if err == nil {
statusCode := resp.StatusCode()
respBody := resp.Body()
fmt.Printf("DEEBUG Response: %s\n", respBody)
if statusCode == http.StatusOK {
respData := &loginData{}
err := json.Unmarshal(respBody, respData)
if err == io.EOF || err == nil {
fmt.Printf("DEBUG Parsed data Response %v\n")
} else {
fmt.Printf("ERR invalid HTTP response code: %d\n", statusCode)
}
}
fasthttp.ReleaseResponse(resp)
}}
enter image description here
Tried to figure out how to integrate url.values ​​into fasthttp

For request Body parameters:
req.Header.SetContentType("application/x-www-form-urlencoded; charset=UTF-8")
Form the request body in key=val string and not json. Can do a simple Stringer impl or req.PostArgs().Add(key, val)
req.PostArgs().Add("login", reqData.Login)
req.PostArgs().Add("pass", reqData.Pass)
Output request
POST / HTTP/1.1
Host: ....
Content-Length: 25
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
login=login&pass=password

golang unix domain socket based http server does not work

I am trying to write a simple Unix domain socket based http server in golang. Here is the code:
package main
import (
"fmt"
"log"
"net/http"
"net"
"os"
"encoding/json"
"os/signal"
"syscall"
)
type UnixListener struct {
ServerMux *http.ServeMux
SocketPath string
UID int
GID int
SocketFileMode os.FileMode
}
//////////////////////////////////////////////////////////////////////
// Start the HTTP server with UNIX socket.
//////////////////////////////////////////////////////////////////////
func (l *UnixListener) Start() error {
listener, err := net.Listen("unix", l.SocketPath)
if err != nil {
return err
}
if err := os.Chown(l.SocketPath, l.UID, l.GID); err != nil {
return err
}
if err := os.Chmod(l.SocketPath, l.SocketFileMode); err != nil {
return err
}
go func(){
shutdown(listener)
}()
svr := http.Server{
Handler: l.ServerMux,
}
if err := svr.Serve(listener); err != nil {
return err
} else {
return nil
}
}
//////////////////////////////////////////////////////////////////////
// Shutdown the HTTP server.
//////////////////////////////////////////////////////////////////////
func shutdown(listener net.Listener) {
c := make(chan os.Signal, 1)
signal.Notify(c, syscall.SIGHUP, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT)
s := <-c
listener.Close()
log.Fatalf("[FATAL] Caught a signal. sinal=%s", s)
}
func hello(w http.ResponseWriter, r *http.Request) {
log.Println("Received request %s", r.RequestURI)
fmt.Fprintf(w, "Hello World!\n")
w.Header().Set("ContentType", "application/json")
w.WriteHeader(http.StatusOK)
data := map[string]string { "name" : "satish"}
resp, _ := json.Marshal(data)
if _, err := w.Write(resp); err != nil {
fmt.Printf("Error writing response")
}
}
func main() {
mux := http.NewServeMux()
mux.HandleFunc("/hello", hello)
unixListener := UnixListener{
ServerMux: mux,
SocketPath: "/temp/test.sock",
UID: 501,
GID: 20,
SocketFileMode: 0644,
}
if err := unixListener.Start(); err != nil {
log.Fatalf("[FATAL] HTTP server error: %s", err)
}
}
But when I send the request to this UDS based server like below, the handler does not seem to be invoked, giving 404 not found error. What is the right way to implement UDS based http server and how to send the http request to it?
curl -vvv --unix-socket /temp/test.sock http:/hello
* Trying /Users/sburnwal/Projects/ACI/temp/test.sock:0...
* Connected to hello (/temp/test.sock) port 80 (#0)
> GET / HTTP/1.1
> Host: hello
> User-Agent: curl/7.84.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Content-Type: text/plain; charset=utf-8
< X-Content-Type-Options: nosniff
< Date: Mon, 14 Nov 2022 02:38:11 GMT
< Content-Length: 19
<
404 page not found
* Connection #0 to host hello left intact

It appears it's interpreting http:/hello in your command line as the host name and using that for the header. And then requesting / as the path
Try replacing http:/hello in your command line with http://hello/hello. I'm not sure if the single slash vs double-slash is significant. It just looks suspicious.
curl -vvv --unix-socket /temp/test.sock http://hello/hello
Or change your Go code to have a response handler for "/" instead of just for "/hello"
mux.HandleFunc("/hello", hello)
mux.HandleFunc("/", hello)

How can I use a uTLS connection when sending a request?

I'm trying to send a request using a Hello Chrome fingerprint by using the uTLS library, but after looking through the docs I'm struggling to figure out how to utilise the uTLS connection when sending a request.
I've got both parts of the code below, but not sure how to put them together, or if I'm even doing it the correct way.
package main
import (
"fmt"
"io/ioutil"
"net"
"net/http"
"net/http/cookiejar"
tls "github.com/refraction-networking/utls"
)
func main() {
tcpConn, err := net.Dial("tcp", "151.101.65.69:443")
if err != nil {
fmt.Printf("net.Dial() failed: %+v\n", err)
return
}
config := tls.Config{ServerName: "www.stackoverflow.com"}
tlsConn := tls.UClient(tcpConn, &config, tls.HelloChrome_Auto)
defer tlsConn.Close()
err = tlsConn.Handshake()
if err != nil {
fmt.Printf("uTlsConn.Handshake() error: %+v", err)
} else {
fmt.Println("Handshake met")
}
cookieJar, _ := cookiejar.New(nil)
client := &http.Client{
Jar: cookieJar,
Transport: &http.Transport{},
}
req, err := http.NewRequest("GET", "https://ja3er.com/json", nil)
req.Header.Add("user-agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36")
resp, err := client.Do(req)
if err != nil {
fmt.Println(err)
} else {
fmt.Println(resp.StatusCode)
body, _ := ioutil.ReadAll(resp.Body)
fmt.Println(string(body))
}
}

Simply move your code into Transport.DialTLSContext:
DialTLSContext specifies an optional dial function for creating
TLS connections for non-proxied HTTPS requests.
[...]
The returned net.Conn is assumed to already be
past the TLS handshake.
client := &http.Client{
Jar: cookieJar,
Transport: &http.Transport{
DialTLSContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
// Note that hardcoding the address is not necessary here. Only
// do that if you want to ignore the DNS lookup that already
// happened behind the scenes.
tcpConn, err := (&net.Dialer{}).DialContext(ctx, network, addr)
if err != nil {
return nil, err
}
config := tls.Config{ServerName: "www.stackoverflow.com"}
tlsConn := tls.UClient(tcpConn, &config, tls.HelloChrome_Auto)
err = tlsConn.Handshake()
if err != nil {
return nil, fmt.Errorf("uTlsConn.Handshake() error: %w", err)
}
return tlsConn, nil
},
},
}

getting 404 in GET request in Go

When I use http://localhost:8080/login?id=ddfd#vcv.com&pwd=dccccf in postman or use it in android app I am getting 404. On curl I get
{"name":"Miss Moneypenny","email":"ddfd#vcv.com","password":"dccccf","mobile":27,"address":"dscsdacc"}
I am not able to understand what can I do to achieve json output in postman and on other platforms like Apps in ios as well as android when I use this api and also on the browser window.
My Main.go code
func getSession() *mgo.Session {
s, err := mgo.Dial("mongodb://localhost")
if err != nil {
panic(err)
}
return s
}
func main() {
r := httprouter.New()
uc := controllers.NewUserController(getSession())
r.GET("/login", uc.LoginUser)
http.ListenAndServe(":8080", r)
}
code in controller/user.go
type UserController struct {
session *mgo.Session
}
func NewUserController(s *mgo.Session) *UserController {
return &UserController{s}
}
func (uc UserController) LoginUser(w http.ResponseWriter, request *http.Request, params httprouter.Params) {
dump,err :=httputil.DumpRequest(request, true)
if err != nil {
http.Error(w, fmt.Sprint(err), http.StatusInternalServerError)
return
}
fmt.Println("Request Dump:\n", string(dump))
encodedValue := request.URL.Query().Get("id")
pwd := request.URL.Query().Get("pwd")
emailId, err := url.QueryUnescape(encodedValue)
if err != nil {
log.Fatal(err)
return
}
u := models.User{}
if err := uc.session.DB("go-web-dev-db").C("users").FindId(emailId + pwd).One(&u); err != nil {
w.WriteHeader(404)
return
}
uj, err := json.Marshal(u)
if err != nil {
fmt.Println(err)
}
w.Header().Set("Content-Type", "application/json")
w.WriteHeader(http.StatusOK) // 200
fmt.Fprintf(w, "%s\n", uj)
}
code in model/user.go
type User struct {
Name string `json:"name" bson:"name"`
Email string `json:"email" bson:"_id"`
Password string `json:"password" bson:"password"`
Mobile int `json:"mobile" bson:"mobile"`
Address string `json:"address" bson:"address"`
}
After using dump when I am using i am using curl 'http://localhost:8080/login?id=ddfd#vcv.com&pwd=dccccf' I get :-
Request Dump:
GET /login?id=ddfd#vcv.com&pwd=dccccf HTTP/1.1
Host: localhost:8080
Accept: */*
User-Agent: curl/7.69.1
After using dump when I am using i am using http://localhost:8080/login?id=ddfd#vcv.com&pwd=dccccf in postman I get :-
Request Dump:
GET /login?id=ddfd#vcv.com&pwd=dccccf HTTP/1.1
Host: localhost:8080
Accept: */*
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
Postman-Token: 8e925738-b8db-4656-9f53-813f4cd53a80
User-Agent: PostmanRuntime/7.24.1

http NewRequest get unexpected characters

I try to parse a page with this code :
client := &http.Client{}
profile := getEpiURL(login)
log.Print("Fetch " + profile)
req, err := http.NewRequest("GET", profile, nil)
if err != nil {
log.Fatal(err)
}
req.AddCookie(cookieSessionIntra)
body, _ := httputil.DumpRequestOut(req, true)
With this as getEpiURL function :
func getEpiURL(login string) (url string) {
url = "https://********/user/" + login + "/?format=json"
return
}
And when i look at the output the profile variable is good, but in the Request it seems obviously wrong...
2016/11/24 12:53:53 Fetch https://********/user/le****in-vi**rd#e*******/?format=json
Then the debug for the request prints me :
GET /user/%00l%*****0o%*00.%00c***0-%00v%00i%0*a%00r%00d%00#%00e%00i%00t%00e%00c%0***0.%0***00/?format=json
HTTP/1.1 Host: ****** User-Agent: Go-http-client/1.1 Cookie:
PHPSESSID=********* Accept-Encoding: gzip

I think your original string somehow contains NUL characters. Try this out in the playground:
func main() {
req, err := http.NewRequest("GET", "https://some/normal/path", nil)
if err != nil {
log.Fatal(err)
}
body, _ := httputil.DumpRequestOut(req, true)
fmt.Printf("Hello, playground, %q", body)
}
You'll get:
"GET /normal/path HTTP/1.1\r\nHost: some...
Now try it with a string in which you inserted NUL characters:
req, err := http.NewRequest("GET", "https://some/\000n\000o\000rmal/path", nil)
...
"GET /%00n%00o%00rmal/path HTTP/1.1\r\nHost: some...
Not quite sure how your string ended up containing those. Read more about percent encoding.