diff --git a/lib/core/agent.py b/lib/core/agent.py index eec5c356a..07564e9a3 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -121,9 +121,6 @@ class Agent: retValue = paramString.replace("%s=%s" % (parameter, origValue), "%s=%s" % (parameter, self.addPayloadDelimiters(newValue))) - # Debug print - #print "retValue:", retValue - return retValue def fullPayload(self, query): diff --git a/lib/core/target.py b/lib/core/target.py index 74b7707eb..090c83918 100644 --- a/lib/core/target.py +++ b/lib/core/target.py @@ -147,8 +147,10 @@ def __setRequestParams(): # Perform checks on header values if conf.httpHeaders: for httpHeader, headerValue in conf.httpHeaders: + # Url encoding of the header values should be avoided + # Reference: http://stackoverflow.com/questions/5085904/is-ok-to-urlencode-the-value-in-headerlocation-value + if httpHeader == PLACE.UA: - # No need for url encoding/decoding the user agent conf.parameters[PLACE.UA] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, USER_AGENT_ALIASES))) @@ -158,7 +160,6 @@ def __setRequestParams(): __testableParameters = True elif httpHeader == PLACE.REFERER: - # No need for url encoding/decoding the referer conf.parameters[PLACE.REFERER] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, REFERER_ALIASES))) @@ -168,7 +169,6 @@ def __setRequestParams(): __testableParameters = True elif httpHeader == PLACE.HOST: - # No need for url encoding/decoding the host conf.parameters[PLACE.HOST] = urldecode(headerValue) condition = any((not conf.testParameter, intersect(conf.testParameter, HOST_ALIASES)))