Base64 encoded headers evade analysis for matching
AP41000 opened this issue · 0 comments
Does fdm decode base64 and quoted-printable strings in headers before any matching is done? (NB: I didn't parse the code to confirm it.)
If not, could fdm implement some in-memory (the original content would be left as-read) unfolding (maybe already done) and decoding of quoted-printable and base64 encoded strings in headers? Without that, regular expression matching misses things. I tried to implement a workaround with some temporary extra headers but I can't find anything to put the result of a pipe command into a new header.
To preserve compatibility with existing configurations, a "decoded"/"undecoded" directive could be added to fdm config syntax to explicitly tell fdm to parse a decoded or an undecoded header/body string.
PS: some info about my config...
- fdm release: 2.2
- OS: Arch Linux
- Arch package version: 2.2-2
- Kernel: 6.2.9-arch1-1
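
The matching gap described in this issue, as an added example (not part of the original issue and not fdm code): a Python filter that unfolds and decodes RFC 2047 encoded-words on a copy of each header, then runs the same regular expression against the raw and the decoded value. The sample message and the names `decoded_headers` and `match_header` are constructed for illustration.

```python
import re
from email import message_from_string
from email.errors import HeaderParseError
from email.header import decode_header, make_header

# Constructed sample: Subject is base64 and folded, From display name is quoted-printable.
SAMPLE = (
    "From: =?UTF-8?Q?Account_Security?= <notice@example.org>\r\n"
    "Subject: =?UTF-8?B?VXJnZW50OiB2ZXJpZnkgeW91ciBhY2NvdW50?=\r\n"
    " =?UTF-8?B?IG5vdw==?=\r\n"
    "To: user@example.net\r\n"
    "\r\n"
    "body\r\n"
)

def decoded_headers(raw_message):
    """Return (name, raw_value, decoded_value) for every header.

    The message text is left as read; decoding is done on a copy.
    """
    msg = message_from_string(raw_message)  # default compat32 policy keeps raw values
    out = []
    for name, raw in msg.items():
        raw = str(raw)
        try:
            decoded = str(make_header(decode_header(raw)))
        except (HeaderParseError, LookupError, UnicodeError):
            decoded = raw  # malformed encoded-word: fall back to the raw text
        # Unfold: a line break followed by whitespace becomes a single space.
        decoded = re.sub(r"\r?\n[ \t]+", " ", decoded)
        out.append((name, raw, decoded))
    return out

def match_header(raw_message, header, pattern):
    """Return (matched_raw, matched_decoded) for a case-insensitive regex."""
    rx = re.compile(pattern, re.IGNORECASE)
    raw_hit = dec_hit = False
    for name, raw, decoded in decoded_headers(raw_message):
        if name.lower() == header.lower():
            raw_hit |= bool(rx.search(raw))
            dec_hit |= bool(rx.search(decoded))
    return raw_hit, dec_hit

if __name__ == "__main__":
    for hdr, pat in (("Subject", r"verify your account"), ("From", r"account security")):
        print(hdr, pat, match_header(SAMPLE, hdr, pat))
```

A rule written against the raw header sees only the encoded-word text, so the same pattern matches only after decoding.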