@c4ir0 this is already fixed in https://github.com/projectdiscovery/httpx/releases/tag/v1.2.5
While it's a very useful function in httpx and I really love it, I can add a few details which will improve its accuracy by 90% [I hope].
My talk is about the -favicon flag. I know it's simple to use: just pass the domain name and it will calculate the hash and give U a lovely result, like:
echo www.domain.com | httpx -favicon
The function adds the /favicon.ico suffix to the URL you added, then starts to calculate the hash, and that might be a poor implementation for some reasons:
1 - I could pass a full URL [as I usually was doing before I noticed], like:
The tool here just adds the suffix [/favicon.ico] to the base URL and calculates the hash, and the result here is totally wrong [as no valid URL ends up with ../favicon.ico/favicon.ico]
2 - Some may say it's easy, U could just pass the domain name, not the full URL. I'd say you're right, this really might work [might!]; see these websites' real URLs of the favicon.ico:
https://static.domain.com/images/favicon.ico
https://domain.org/static/assets/favicon.ico
https://static.domain.com/gallery/pics/another-sub-path/.../favicon.ico
You will notice that the favicon may exist in a nested path and not exist in the /, or may be hosted on a subdomain "static.domain.tld", and just adding the suffix will get U another wrong result [in cases I faced a lot]
💡 Solution :
Hint: just get the real favicon.ico url and then start to calculate the hash like :
so my suggestion is : U pass the domain name to httpx --> httpx requests the domain then --> extracts the favicon url --> calculates the hash --> totally correct result 😺
advanced_Enhancement_1: You may find the favicon exists as an endpoint, not a full URL, "/static/assets/favicon.ico", so the tool may check if the extraction doesn't have http:// at the beginning of it; if so, it adds https://domain.com before the endpoint, then --> calculation
advanced_Enhancement_2: the favicon may not exist at all in the domain U requested, so the tool may have to get it passively through (e.g. https://archive.org/web/)
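The resolution step suggested in the post above, as an added example that is not part of the original discussion and is not httpx's own code: it extracts the favicon URL from the page HTML, resolves endpoint-style and protocol-relative values against the page URL, and falls back to the origin root rather than appending to a full URL. The function name `favicon_url` and the sample page are assumptions made for illustration; fetching and hashing the icon bytes are left out.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _IconLinks(HTMLParser):
    """Collects href values of <link rel="...icon..."> tags and any <base href>."""

    def __init__(self):
        super().__init__()
        self.icons, self.base = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "base" and a.get("href") and self.base is None:
            self.base = a["href"]
        # rel is a space-separated token list: "icon", "shortcut icon", ...
        elif tag == "link" and "icon" in a.get("rel", "").lower().split():
            if a.get("href"):
                self.icons.append(a["href"].strip())


def favicon_url(page_url, html):
    """Return the absolute favicon URL for HTML that was fetched from page_url."""
    parser = _IconLinks()
    parser.feed(html)
    # A <base href> changes how relative references on the page resolve.
    base = urljoin(page_url, parser.base) if parser.base else page_url
    for href in parser.icons:
        # urljoin handles absolute URLs, //host/path, /endpoint and relative paths.
        resolved = urljoin(base, href)
        if urlsplit(resolved).scheme in ("http", "https"):
            return resolved  # data: URIs and other schemes are skipped
    # No usable <link>: use the origin root, never page path + /favicon.ico.
    parts = urlsplit(page_url)
    return f"{parts.scheme}://{parts.netloc}/favicon.ico"


# Constructed sample page (not taken from a real site).
SAMPLE = '<html><head><link rel="shortcut icon" href="/static/assets/favicon.ico"></head></html>'

if __name__ == "__main__":
    print(favicon_url("https://domain.org/some/page.html", SAMPLE))
    print(favicon_url("https://www.domain.com/login/index.php", "<html></html>"))
```
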