HTTP: fix forwarding of HEAD sessions (#4908)

Author: gpotter2

scapy/fwdmachine.py

@@ -414,6 +414,7 @@ def cb_sni(sock, server_name, _):
         # Wrap the sockets
         sock = self.sockcls(sock, self.cls)
         ss = self.sockcls(ss, self.cls)
+        sock.streamsession = ss.streamsession
         try:
             while True:
                 # Listen on both ends of the connection

scapy/layers/http.py

@@ -649,7 +649,7 @@ def dispatch_hook(cls, _pkt=None, *args, **kargs):
 
     # tcp_reassemble is used by TCPSession in session.py
     @classmethod
-    def tcp_reassemble(cls, data, metadata, _):
+    def tcp_reassemble(cls, data, metadata, session):
         detect_end = metadata.get("detect_end", None)
         is_unknown = metadata.get("detect_unknown", True)
         # General idea of the following is explained at
@@ -674,8 +674,12 @@ def tcp_reassemble(cls, data, metadata, _):
                 # use it. When the total size of the frags is high enough,
                 # we have the packet
 
+                if session.pop("head_request", False):
+                    # Answer to a HEAD request.
+                    detect_end = lambda dat: dat.find(b"\r\n\r\n")
+
                 # Subtract the length of the "HTTP*" layer
-                if http_packet.payload.payload or length == 0:
+                elif http_packet.payload.payload or length == 0:
                     http_length = len(data) - http_packet.payload._original_len
                     detect_end = lambda dat: len(dat) - http_length >= length
                 else:
@@ -693,13 +697,18 @@ def tcp_reassemble(cls, data, metadata, _):
                 if chunked:
                     detect_end = lambda dat: dat.endswith(b"0\r\n\r\n")
                 # HTTP Requests that do not have any content,
-                # end with a double CRLF. Same for HEAD responses
+                # end with a double CRLF.
                 elif isinstance(http_packet.payload, cls.clsreq):
                     detect_end = lambda dat: dat.endswith(b"\r\n\r\n")
                     # In case we are handling a HTTP Request,
                     # we want to continue assessing the data,
                     # to handle requests with a body (POST)
                     metadata["detect_unknown"] = True
+                    if (
+                        isinstance(http_packet.payload, cls.clsreq)
+                        and http_packet.Method == b"HEAD"
+                    ):
+                        session["head_request"] = True
                 elif is_response and http_packet.Status_Code == b"101":
                     # If it's an upgrade response, it may also hold a
                     # different protocol data.
@@ -888,8 +897,7 @@ def request(
         self._connect_or_reuse(host, port=port, tls=tls, timeout=timeout)
 
         # Build request
-        if ((tls and port != 443) or
-                (not tls and port != 80)):
+        if (tls and port != 443) or (not tls and port != 80):
             host_hdr = "%s:%d" % (host, port)
         else:
             host_hdr = host

test/scapy/layers/http.uts

@@ -90,11 +90,11 @@ assert HTTPRequest in a[3]
 assert a[3].Method == b"HEAD"
 assert a[3].User_Agent == b'curl/7.88.1'
 
-assert HTTPResponse in a[6]
-assert a[6].Content_Type == b'text/html; charset=UTF-8'
-assert a[6].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT'
-assert a[6].Reason_Phrase == b'Moved Permanently'
-assert a[6].X_Frame_Options == b"SAMEORIGIN"
+assert HTTPResponse in a[5]
+assert a[5].Content_Type == b'text/html; charset=UTF-8'
+assert a[5].Expires == b'Mon, 01 Apr 2024 22:25:38 GMT'
+assert a[5].Reason_Phrase == b'Moved Permanently'
+assert a[5].X_Frame_Options == b"SAMEORIGIN"
 
 = HTTP build with 'chunked' content type