net/http: wish - optional turning off fixLength #34890
Labels
Comments
|
While it sounds like you're doing fun stuff, we're (un)fortunately not going to complicate the API for a few specialized users. You can either locally fork the net/http package, or just use the lower-level primitives (do your own TCP dials + use net/http.ReadResponse, etc.) |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
No bug, just an idea/wish, Go version 1.13
In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.
The text was updated successfully, but these errors were encountered: