Fix incorrect body parsing on multipart requests #2

Open: int3x wants to merge 2 commits into senderend:master from int3x:fix-multipart-body-parse
int3x commented May 22, 2026

This PR has two fixes.
First, it fixes the following AttributeError:

[*] (HTTP): Client requested path: /
[*] (HTTP): Connection from 10.129.238.243 controlled, attacking target http://gpz-op26-secure.ghostlink.htb
[-] (HTTP): Exception while Negotiating NTLM with http://gpz-op26-secure.ghostlink.htb: "'NTLMRelayxConfig' object has no attribute 'remove_target'"
[-] (HTTP): Negotiating NTLM with http://gpz-op26-secure.ghostlink.htb failed

I've not looked into why it popped up. If I had to guess, it'd be due to changes made to ntlmrelayx.py for the --remove-sign-seal option (CVE-2025-33073).

Second, it fixes the incorrect body parsing on multipart requests.
The function prepareRequest in lib/relay/servers/socksplugins/http.py uses \r\n\r\n to split the request into header and body.
However, it has edge cases. For example, POST requests with multipart/form-data can contain additional \r\n\r\n of their own between each part's mini-headers and content.

int3x added 2 commits May 22, 2026 01:52
Using b"\r\n\r\n" to parse requests into header and body has edge cases.
For example, multipart bodies contain additional CRLF separators in the body
(between each part's mini-headers and its content).
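
The edge case described in the PR comment and commit message above, as an added example that is not part of this PR or the project's code: a constructed multipart request is split on every `\r\n\r\n` and then only at the first one, with the result checked against Content-Length. The function names, the sample request and the naive variant are assumptions for illustration; the actual `prepareRequest` code is not shown on this page.

```python
CRLF2 = b"\r\n\r\n"  # blank line that ends the HTTP header block

def build_sample_request():
    """Constructed multipart/form-data POST (sample data, not from the page)."""
    boundary = b"----example"
    body = (
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="user"\r\n\r\n'
        b"alice\r\n"
        b"--" + boundary + b"\r\n"
        b'Content-Disposition: form-data; name="file"; filename="a.txt"\r\n'
        b"Content-Type: text/plain\r\n\r\n"
        b"line one\r\n\r\nline two\r\n"
        b"--" + boundary + b"--\r\n"
    )
    head = (
        b"POST /upload HTTP/1.1\r\n"
        b"Host: app.example\r\n"
        b"Content-Type: multipart/form-data; boundary=" + boundary + b"\r\n"
        b"Content-Length: " + str(len(body)).encode() + b"\r\n"
    )
    return head + b"\r\n" + body, body

def split_naive(raw):
    """Hypothetical failure mode: split on every blank line, take index 1 as body."""
    parts = raw.split(CRLF2)
    return parts[0], parts[1]

def split_once(raw):
    """Split only at the first blank line; later ones belong to the body."""
    head, sep, body = raw.partition(CRLF2)
    if not sep:
        raise ValueError("no header terminator in request")
    return head, body

def content_length(head):
    """Return the declared Content-Length, or None if the header is absent."""
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"content-length":
            return int(value.strip())
    return None

if __name__ == "__main__":
    raw, expected = build_sample_request()
    head, body = split_once(raw)
    print("blank lines in request:", raw.count(CRLF2))
    print("naive body bytes:", len(split_naive(raw)[1]))
    print("split-once body bytes:", len(body), "declared:", content_length(head))
```

Comparing the recovered body length with the declared Content-Length is a cheap regression check for this class of parsing bug.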