
Empty HTTP 200 OK response results in "URL doesn't seem to be a webpage. Skipping." #222

Open
BreakfastSerial opened this issue Dec 6, 2024 · 2 comments

Comments

@BreakfastSerial

I am working with a web application that offers a resource download endpoint (e.g. https://example.com/download?id=1). If the id is omitted, it responds with an empty HTTP 200 OK, which is expected.

I want to use Arjun to help me find alternative parameters, but it refuses to work with empty HTTP 200 OK responses.

Using Arjun v2.2.7, installed via pip on Kali.

@s0md3v
Owner

s0md3v commented Dec 19, 2024

Can you post the response headers here? It is likely that the content-type is messed up.

@BreakfastSerial
Author

BreakfastSerial commented Jan 23, 2025

Sorry about the late reply, I'll have to dig out the project again, but I'll provide the response in a bit. Thank you for your work! Edit: I found the request/response in question:

If the parameter id=1 is missing, the server's response looks like:

HTTP/2 200 OK
Cache-Control: no-cache, no-store, must-revalidate,no-cache, no-store
Pragma: no-cache,no-cache
Expires: 0,-1
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-Xss-Protection: 1;
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(), camera=(); geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Date: <DATE>
Content-Length: 0


While the response including the required parameter id=1 is:

HTTP/2 200 OK
Cache-Control: no-cache, no-store, must-revalidate,no-cache, no-store
Pragma: no-cache,no-cache
Content-Type: application/pdf
Expires: 0,-1
Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token
Strict-Transport-Security: max-age=31536000
X-Frame-Options: DENY
X-Xss-Protection: 1;
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: accelerometer=(), camera=(); geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
Date: <DATE>
Content-Length: <LENGTH>

%PDF-1.5[...]
