You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.
The text was updated successfully, but these errors were encountered:
No bug, just an idea/wish, Go version 1.13
In malware research, it is essential to be able to examine server responses in an unmodified form - it is common that malware CC servers reply with an error status code, but still embed essential data in its body (403 is notorious) that the malware interprets. Malware researchers sometimes write trackers that emulate certain malwares. These emulations mostly works fine with the current net/http client in Go, but it currently throws away the body completely if the server returns a status code 1xx, 204, or 304 - this occurs in transfer.go, fixLength and bodyAllowedForStatus functions. Of course this is RFC conforming, but malware authors could use this as a way to hide CC responses such that Go client would not see the body. So it would be nice to have a kind of raw support for such cases, maybe as an additional "bodyRaw" field.
The text was updated successfully, but these errors were encountered: