Fix a recursion bug when redirected to the same domain and a port was specified (#377) (#522)

This fixes the situation where the URL port is specified from the
command line and the "Location" redirection header contains an
absolute URL path.

CHANGELOG.md

@@ -11,6 +11,7 @@
     - Fixed an issue where output (often a lot of it) would be printed after entering interactive mode
     - Fixed an issue when reading wordlist files from ffufrc
     - Fixed an issue where `-of all` option only creates one output file (instead of all formats) 
+    - Fixed an issue where redirection to the same domain in recursive mode dropped port info from URL
     - Added HTTP2 support
 
 - v1.3.1

CONTRIBUTORS.md

@@ -20,6 +20,7 @@
 * [fang0654](https://github.com/fang0654)
 * [Hazegard](https://github.com/Hazegard)
 * [helpermika](https://github.com/helpermika)
+* [h1x](https://github.com/h1x-lnx)
 * [Ice3man543](https://github.com/Ice3man543)
 * [JamTookTheBait](https://github.com/JamTookTheBait)
 * [jimen0](https://github.com/jimen0)

pkg/ffuf/response.go

@@ -43,12 +43,40 @@ func (resp *Response) GetRedirectLocation(absolute bool) string {
 		if err != nil {
 			return redirectLocation
 		}
+		if redirectUrl.IsAbs() && UrlEqual(redirectUrl, baseUrl) {
+			redirectLocation = redirectUrl.Scheme + "://" +
+				baseUrl.Host + redirectUrl.Path
+		} else {
 			redirectLocation = baseUrl.ResolveReference(redirectUrl).String()
 		}
+	}
 
 	return redirectLocation
 }
 
+func UrlEqual(url1, url2 *url.URL) bool {
+	if url1.Hostname() != url2.Hostname() {
+		return false
+	}
+	if url1.Scheme != url2.Scheme {
+		return false
+	}
+	p1, p2 := getUrlPort(url1), getUrlPort(url2)
+	return p1 == p2
+}
+
+func getUrlPort(url *url.URL) string {
+	var portMap = map[string]string{
+		"http":  "80",
+		"https": "443",
+	}
+	p := url.Port()
+	if p == "" {
+		p = portMap[url.Scheme]
+	}
+	return p
+}
+
 func NewResponse(httpresp *http.Response, req *Request) Response {
 	var resp Response
 	resp.Request = req