Merged
2 changes: 1 addition & 1 deletion tests/linux_integration.rs
Expand Up @@ -391,7 +391,7 @@ mod tests {
.arg("alpine:latest")
.arg("sh")
.arg("-c")
.arg("wget -q -O- --timeout=2 http://httpbin.org/get 2>&1 || echo 'BLOCKED'");
.arg("wget -q -O- --timeout=2 https://httpbingo.org/get 2>&1 || echo 'BLOCKED'");

let output = cmd
.output()
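Review bot: With the URL moved to `https://`, the `|| echo 'BLOCKED'` fallback on the wget line also fires when the TLS handshake or certificate check fails inside the `alpine:latest` container, not only when the request is denied by policy. If the assertion after `cmd.output()` (outside this hunk) keys on `BLOCKED`, the test can pass without the jail having blocked anything. A comment on the `.arg(...)` line would make this explicit, e.g. `// NOTE: any wget failure (DNS, TLS, timeout) prints BLOCKED; this alone does not prove policy enforcement`. Better still, have the shell print wget's exit status so the assertion can tell a policy denial from a transport failure.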
17 changes: 8 additions & 9 deletions tests/weak_integration.rs
Expand Up @@ -293,23 +293,23 @@ fn test_server_mode() {
/// Verifies that httpjail corrects mismatched Host headers to prevent
/// CDN routing bypasses and other Host header attacks.
///
/// This test uses httpbin.org/headers which echoes back the received headers,
/// This test uses httpbingo.org/headers which echoes back the received headers,
/// allowing us to verify that httpjail corrects the Host header to match the
/// actual destination URL rather than relying on external service blocking behavior.
#[test]
fn test_host_header_security() {
use std::process::Command;

// Test 1: Direct curl with mismatched Host header
// httpbin.org/headers echoes back all headers it receives
// httpbingo.org/headers echoes back all headers it receives
let direct_result = Command::new("curl")
.args([
"-s",
"-H",
"Host: evil.com",
"--max-time",
"5",
"http://httpbin.org/headers",
"https://httpbingo.org/headers",
])
.output()
.expect("Failed to execute curl directly");
Expand All @@ -318,8 +318,7 @@ fn test_host_header_security() {

// Verify curl sends the mismatched Host header as-is
assert!(
direct_stdout.contains("\"Host\": \"evil.com\"")
|| direct_stdout.contains("\"Host\":\"evil.com\""),
direct_stdout.contains("\"Host\"") && direct_stdout.contains("evil.com"),
"Direct curl should send mismatched Host header (got: {})",
direct_stdout
);
Expand All @@ -335,7 +334,7 @@ fn test_host_header_security() {
"Host: evil.com",
"--max-time",
"5",
"http://httpbin.org/headers",
"https://httpbingo.org/headers",
])
.execute();

Expand All @@ -345,14 +344,14 @@ fn test_host_header_security() {

// Verify httpjail corrected the Host header to match the actual destination
assert!(
stdout.contains("\"Host\": \"httpbin.org\"") || stdout.contains("\"Host\":\"httpbin.org\""),
"Httpjail should correct Host header to httpbin.org (got: {})",
stdout.contains("\"Host\"") && stdout.contains("httpbingo.org"),
"Httpjail should correct Host header to httpbingo.org (got: {})",
stdout
);

// Verify the mismatched header was NOT forwarded
assert!(
!stdout.contains("\"Host\": \"evil.com\"") && !stdout.contains("\"Host\":\"evil.com\""),
!stdout.contains("evil.com"),
"Httpjail should not forward mismatched Host header evil.com (got: {})",
stdout
);
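Review bot: The new positive check `stdout.contains("\"Host\"") && stdout.contains("httpbingo.org")` no longer ties the hostname to the Host header, because the two substrings are matched independently. Any body that has a `"Host"` key and mentions httpbingo.org anywhere else (another echoed header, an error page quoting the URL) satisfies it, and the direct-curl check with `evil.com` has the same shape. The blanket `!stdout.contains("evil.com")` is stricter than before and now carries most of the weight. Since this test guards Host-header rewriting, it would be better to parse the echoed JSON and compare the Host entry's value with the expected host if a JSON parser is available to the test crate, or else to strip whitespace from `stdout` and match the key together with its value. test_host_header_security starts before and continues past the hunks shown.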