From 71bec99ed1dad21280e31956ceb37069243b8794 Mon Sep 17 00:00:00 2001
From: firefart <105281+firefart@users.noreply.github.com>
Date: Fri, 17 May 2024 21:31:13 +0200
Subject: [PATCH] fix #506, add support for tls-renegotiation
---
 README.md | 1 +
 cli/options.go | 3 +++
 libgobuster/http.go | 3 +++
 libgobuster/options_http.go | 17 +++++++++--------
 4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/README.md b/README.md
index e70c34b..e5b33ff 100644
--- a/README.md
+++ b/README.md
@@ -44,6 +44,7 @@ All funds that are donated to this project will be donated to charity. A full lo
 - fix extra special characters when run with `--no-progress`
 - warn when using vhost mode with a proxy and http based urls as this might not work as expected
 - add `interface` and `local-ip` parameters to specify the interface for http requests
+- add support for tls renegotiation
 ## 3.6
diff --git a/cli/options.go b/cli/options.go
index 6e6ba8b..34903ff 100644
--- a/cli/options.go
+++ b/cli/options.go
@@ -32,6 +32,7 @@ func BasicHTTPOptions() []cli.Flag {
 &cli.StringFlag{Name: "client-cert-pem-key", Aliases: []string{"ccpk"}, Usage: "private key in PEM format for optional TLS client certificates (this key needs to have no password)"},
 &cli.StringFlag{Name: "client-cert-p12", Aliases: []string{"ccp12"}, Usage: "a p12 file to use for options TLS client certificates"},
 &cli.StringFlag{Name: "client-cert-p12-password", Aliases: []string{"ccp12p"}, Usage: "the password to the p12 file"},
+ &cli.BoolFlag{Name: "tls-renegotiation", Value: false, Usage: "Enable TLS renegotiation"},
 &cli.StringFlag{Name: "interface", Aliases: []string{"iface"}, Usage: "specify network interface to use. Can't be used with local-ip"},
 &cli.StringFlag{Name: "local-ip", Usage: "specify local ip of network interface to use. Can't be used with interface"},
 }
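Review bot: In cli/options.go, the usage text of the new `tls-renegotiation` flag does not say what the user is opting into, and its capitalised "Enable" breaks the lowercase style of the neighbouring usage strings; `Value: false` is also the zero value and can be dropped. Go's crypto/tls refuses renegotiation unless the client opts in, and the libgobuster/http.go hunk of this commit opts in with `tls.RenegotiateOnceAsClient`, so the help text should carry that limit. I would write `&cli.BoolFlag{Name: "tls-renegotiation", Usage: "allow the server to renegotiate TLS once per connection (off by default, no effect on TLS 1.3)"},`. BasicHTTPOptions begins above the hunk.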
@@ -84,6 +85,8 @@ func ParseBasicHTTPOptions(c *cli.Context) (libgobuster.BasicHTTPOptions, error)
 }
 }
+ opts.TLSRenegotiation = c.Bool("tls-renegotiation")
+
 iface := c.String("interface")
 localIP := c.String("local-ip")
 if iface != "" && localIP != "" {
diff --git a/libgobuster/http.go b/libgobuster/http.go
index a8dcaa8..6de20ff 100644
--- a/libgobuster/http.go
+++ b/libgobuster/http.go
@@ -79,6 +79,9 @@ func NewHTTPClient(opt *HTTPOptions, logger *Logger) (*HTTPClient, error) {
 if opt.TLSCertificate != nil {
 tlsConfig.Certificates = []tls.Certificate{*opt.TLSCertificate}
 }
+ if opt.TLSRenegotiation {
+ tlsConfig.Renegotiation = tls.RenegotiateOnceAsClient
+ }
 transport := &http.Transport{
 Proxy: proxyURLFunc,
diff --git a/libgobuster/options_http.go b/libgobuster/options_http.go
index fa7e4b4..4fae8f1 100644
--- a/libgobuster/options_http.go
+++ b/libgobuster/options_http.go
@@ -8,14 +8,15 @@ import (
 // BasicHTTPOptions defines only core http options
 type BasicHTTPOptions struct {
- UserAgent string
- Proxy string
- NoTLSValidation bool
- Timeout time.Duration
- RetryOnTimeout bool
- RetryAttempts int
- TLSCertificate *tls.Certificate
- LocalAddr net.Addr
+ UserAgent string
+ Proxy string
+ NoTLSValidation bool
+ Timeout time.Duration
+ RetryOnTimeout bool
+ RetryAttempts int
+ TLSCertificate *tls.Certificate
+ TLSRenegotiation bool
+ LocalAddr net.Addr
 }
 // HTTPOptions is the struct to pass in all http options to Gobuster
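Review bot: In libgobuster/http.go, the added `tlsConfig.Renegotiation = tls.RenegotiateOnceAsClient` has no comment explaining why a setting that crypto/tls leaves at `tls.RenegotiateNever` is being relaxed, or what the chosen mode permits. I would add above the `if`: `// crypto/tls rejects renegotiation by default; allow one server-initiated renegotiation per connection (not defined for TLS 1.3).` A server that asks more than once on the same connection would presumably still fail, since that needs `tls.RenegotiateFreelyAsClient`; worth stating if the limit is deliberate. The same sentence would serve as a field comment on `TLSRenegotiation` in libgobuster/options_http.go, where the new exported field is undocumented. NewHTTPClient begins and ends outside the hunk.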