URL encoding issue

Edit

KingRules

04 Sep, 2017 02:33 PM

Hi,

My web application is performing a post request with encoded timestamp field with time zone offset, when this request is passed through Arachni scanner proxy, the special chars in the URL are decoded by Arachni somehow incorrectly(not sure if this is correct). do this server is giving 500 server error.

URL: https://my-page.web.com/submit? saveTime=2017-08-31T17%3A47%3A24%2B01%3A00
Changed URL at proxy: https://my-page.web.com/submit? saveTime=2017-08-31T17:47:24%2001:00

can you please help how i can overcome this ? is there any settings ?

1 Posted by KingRules on 04 Sep, 2017 02:37 PM

problem i could see B which is part of %2B is getting decoded as 20 not the entire %2B word
- Edit
Support Staff 2 Posted by Tasos Laskos on 06 Sep, 2017 03:17 PM

Actually, what's happening is that %2B is decoded to +, but + is also decoded which basically turns it into %20 since they both mean space.

There seems to be an issue with the URL normalization process, I'll look into it and let you know.

Cheers
- Edit
3 Posted by KingRules on 06 Sep, 2017 03:28 PM

thanks @Tasos Laskos , will wait for the response
- Edit
Support Staff 4 Posted by Tasos Laskos on 07 Sep, 2017 03:32 PM

I think I fixed it properly, running some tests now to verify.
- Edit
5 Posted by KingRules on 08 Sep, 2017 01:46 PM

superb, thanks for looking into this quickly
- Edit
Support Staff 6 Posted by Tasos Laskos on 09 Sep, 2017 02:49 PM

Nightlies are up, give them a shot please.
- Edit
7 Posted by KingRules on 11 Sep, 2017 10:12 AM

thanks tested with arachni-2.0dev-1.0dev-linux-x86_64.tar.gz 08-Sep-2017 10:58 179M Linux archive for x86 64bit architectures.
it seems to be working.
thanks
can you please tell me when will the formal release planned ?
- Edit
Support Staff 8 Posted by Tasos Laskos on 12 Sep, 2017 04:23 PM

I'm sorry I don't have a timetable for that yet.
- Edit
9 Posted by KingRules on 12 Sep, 2017 04:24 PM

thats fine, thanks anyways for looking into it
- Edit
Support Staff 10 Posted by Tasos Laskos on 12 Sep, 2017 04:31 PM

No worries.
- Edit
Tasos Laskos closed this discussion on 12 Sep, 2017 04:31 PM.

Comments are currently closed for this discussion. You can start a new one.

New Issue
Conversation Started
The discussion is closed

No more actions from Arachni or the discussion starter are required.
Re-open the discussion Re-open the discussion

Private Permissions

This discussion is private. Only you and Arachni support staff can see and reply to it.

Public Permissions

This discussion is public. Everyone can see and reply to it.

Comments Feed

Keyboard shortcuts

Generic

?	Show this help
ESC	Blurs the current field

Comment Form

r	Focus the comment reply box
^ + ↩	Submit the comment

You can use Command ⌘ instead of Control ^ on Mac

Recent Discussions

	29 Jul, 2024 06:44 AM	Dear arachni-scanner.com Owner.
	15 Feb, 2024 09:48 AM	Arachni download
	12 Jan, 2024 12:01 AM	We're sorry, but something went wrong.
	19 Oct, 2023 06:03 PM	Error - Not able Scan /ruby/lib/ruby/gems/2.7.0/gems/arachni-1.6.1.3/lib/arachni/rpc/server/framework.rb:156:in `block in run'
	12 Aug, 2023 11:04 AM	Error when launching arachni_web

Recent Articles

	Logging in and maintaining a valid session
	Optimizing for faster scans
	Service scanning
	Software as a Service (Saas)

Arachni Support

URL encoding issue

KingRules

New Issue

Conversation Started

The discussion is closed

Re-open the discussion Re-open the discussion