
When creating an HTTP request to a JavaScript file with this code, it returns the actual JS code itself just like it would when looking at the Network tab in the browser's developer tab.

    package main

    import (
        "fmt"
        "io"
        "log"
        "net/http"
        "time"
    )

    func main() {
        var client = &http.Client{Timeout: 10 * time.Second}
        req, err := http.NewRequest("GET", "https://www.iana.org/_js/jquery.js", nil)
        if err != nil {
            log.Fatal(err)
        }
        // Only the User-Agent is set here; every other header is left to net/http.
        req.Header.Set("User-Agent", "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36")

        resp, err := client.Do(req)
        if err != nil {
            log.Fatal(err)
        }
        defer resp.Body.Close()

        body, err := io.ReadAll(resp.Body)
        if err != nil {
            log.Fatal(err)
        }

        fmt.Println(string(body))
    }

However, creating a request to the same URL, but defining all the request headers that would be used in the browser:

    req.Header = http.Header{
        "Accept":          []string{"*/*"},
        "Accept-Encoding": []string{"gzip, deflate, br"},
        "Accept-Language": []string{"en-US,en;q=0.5"},
        "Cache-Control":   []string{"no-cache"},
        "Connection":      []string{"keep-alive"},
        "DNT":             []string{"1"},
        "Host":            []string{"www.iana.org"},
        "Pragma":          []string{"no-cache"},
        "Referer":         []string{"https://www.iana.org/domains/reserved"},
        "Sec-Fetch-Dest":  []string{"script"},
        "Sec-Fetch-Mode":  []string{"no-cors"},
        "Sec-Fetch-Site":  []string{"same-origin"},
    }

The response body returns a byte array that, when converted to a string with `fmt.Println(string(body))` as in the first section of code, seems to be purely binary.

I'm trying to figure out if this binary response is the result of the JavaScript function itself (for example a token generator or whatever else the script's purpose could be) or whether it's something else.

Anyway, explanation or insight would be much appreciated <3

phorever
  • `"Accept-Encoding": []string{"gzip, deflate, br"},` This should give a lot of clues; see the [docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Accept-Encoding). Using that header is basically telling the server, "I want this thing in this form (gzip)." – Bagus Tesa Apr 11 '22 at 12:51
  • Oh, so is the binary data essentially just the raw JavaScript function in a gzip archive? If so why does the browser not get an encoded response body? @BagusTesa – phorever Apr 11 '22 at 12:53
  • Browsers do their magic and it's done out of the box - unless you are using something from decades ago (IE6). – Bagus Tesa Apr 11 '22 at 12:58
  • Does this answer your question? [Http(s) request responds with garbage characters](https://stackoverflow.com/questions/52461602/https-request-responds-with-garbage-characters), [file_get_contents() with modified HTTP headers returning garbage html output](https://stackoverflow.com/questions/9631596/file-get-contents-with-modified-http-headers-returning-garbage-html-output). – Steffen Ullrich Apr 11 '22 at 13:56
  • Alright I understand! Thank you two lots <3 – phorever Apr 11 '22 at 17:15

0 Answers
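The behaviour discussed in the comments, as an added example that is not part of the original question or comments: when `Accept-Encoding` is left unset, Go's `net/http` transport requests gzip itself, decompresses the body and strips the `Content-Encoding` header; when the header is set by hand, the body arrives still compressed and the caller has to decode it. The local `httptest` server, the `script` constant and the `fetch` helper are constructed for this illustration.

```go
package main

import (
	"compress/gzip"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

const script = "function hello(){return 'hi';}" // constructed stand-in for the remote file

// srv: local test server (assumption); it gzips because every request below advertises gzip.
var srv = httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Encoding", "gzip")
	zw := gzip.NewWriter(w)
	defer zw.Close()
	io.WriteString(zw, script)
}))

// fetch (hypothetical helper) returns body and Content-Encoding as the caller sees them; decode gunzips.
func fetch(url, acceptEncoding string, decode bool) (body, enc string, err error) {
	req, err := http.NewRequest("GET", url, nil)
	if err != nil {
		return "", "", err
	}
	if acceptEncoding != "" {
		req.Header.Set("Accept-Encoding", acceptEncoding)
	}
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return "", "", err
	}
	defer resp.Body.Close()
	enc = resp.Header.Get("Content-Encoding")
	var r io.Reader = resp.Body
	if decode && enc == "gzip" {
		if r, err = gzip.NewReader(resp.Body); err != nil {
			return "", enc, err
		}
	}
	b, err := io.ReadAll(r)
	return string(b), enc, err
}

func main() {
	defer srv.Close()
	fmt.Println(fetch(srv.URL, "gzip, deflate, br", true))
}
```

Advertising `deflate` or `br` commits the client to decoding those encodings as well; Go's standard library has no Brotli decoder, so `fetch` handles gzip only.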