1# Copyright 2016 The Chromium Authors
2# Use of this source code is governed by a BSD-style license that can be
3# found in the LICENSE file.
4
5# Fuzzer dictionary targeting HTTP/1.x responses.
6
7# Entries that are generally useful in headers
8":"
9"\x0A"
10"\x0D"
11"0"
12"50"
13"500"
14# Horizontal whitespace. Matters mostly in status line.
15" "
16"\x09"
17# Header continuation
18"\x0D\x0A\x09"
19# Used in a lot of individual headers
20";"
21"="
22","
23"\""
24"-"
25
26# Status line components
27"HTTP"
28"/1.1"
29"/1.0"
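30# More interesting status codes.  Leading space so they can be inserted into
31# other status lines.  NOTE(review): " 403" is listed twice in this group; the final entry may have been meant to be a different code - confirm.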
32" 100"
33" 200"
34" 206"
35" 301"
36" 302"
37" 303"
38" 304"
39" 307"
40" 308"
41" 401"
42" 403"
43" 404"
44" 500"
45" 501"
46" 403"
47
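48# Full status lines (some with relevant following headers).  NOTE(review): the 401 entry ends in \x0A\xA0 while the other entries end in \x0A\x0A, so it does not terminate the header block - confirm \xA0 is intended.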
49"HTTP/1.1 200 OK\x0A\x0A"
50"HTTP/1.1 100 Continue\x0A\x0A"
51"HTTP/1.1 401 Unauthorized\x0AWWW-Authenticate: Basic realm=\"Middle-Earth\"\x0A\xA0"
52"HTTP/1.1 407 Proxy Authentication Required\x0AProxy-Authenticate: Digest realm=\"Middle-Earth\", nonce=\"aaaaaaaaaa\"\x0A\x0A"
53"HTTP/1.0 301 Moved Permanently\x0ALocation: /a\x0A\x0A"
54"HTTP/1.1 302 Found\x0ALocation: http://lost/\x0A\x0A"
55
56# Server and proxy authentication headers. Note that the fuzzers don't support
57# NTLM or Negotiate, so only Basic and Digest tokens are listed.
58"WWW-Authenticate:"
59"Proxy-Authenticate:"
60"Basic"
61"Digest"
62"realm"
63"nonce"
64
65"Connection:"
66"Proxy-Connection:"
67"Keep-Alive"
68"Close"
69"Upgrade"
70"\x0AConnection: Keep-Alive"
71"\x0AConnection: Close"
72"\x0AProxy-Connection: Keep-Alive"
73"\x0AProxy-Connection: Close"
74
75"Content-Length:"
76"Transfer-Encoding:"
77"chunked"
78"\x0AContent-Length: 0"
79"\x0AContent-Length: 500"
80"\x0ATransfer-Encoding: chunked\x0A\x0A5\x0A12345\x0A0\x0A\x0A"
81
82"Location:"
83"\x0ALocation: http://foo/"
84"\x0ALocation: http://bar/"
85"\x0ALocation: https://foo/"
86"\x0ALocation: https://bar/"
87
88"Accept-Ranges:"
89"bytes"
90"\x0AAccept-Ranges: bytes"
91
92"Content-Range:"
93
94"Age:"
95"\x0AAge: 0"
96"\x0AAge: 3153600000"
97
98"Cache-Control:"
99"max-age"
100"no-cache"
101"no-store"
102"must-revalidate"
103"\x0ACache-Control: max-age=3153600000"
104"\x0ACache-Control: max-age=0"
105"\x0ACache-Control: no-cache"
106"\x0ACache-Control: no-store"
107"\x0ACache-Control: must-revalidate"
108
109"Content-Disposition:"
110"attachment"
111"filename"
112
113"Content-Encoding:"
114"gzip"
115"deflate"
116"sdch"
117"br"
118"\x0AContent-Encoding: gzip"
119"\x0AContent-Encoding: deflate"
120"\x0AContent-Encoding: sdch"
121"\x0AContent-Encoding: br"
122
123"Date:"
124"Fri, 01 Apr, 2050 14:14:14 GMT"
125"Mon, 28 Mar, 2016 04:04:04 GMT"
126"\x0ADate: Fri, 01 Apr, 2050 14:14:14 GMT"
127"\x0ADate: Mon, 28 Mar, 2016 04:04:04 GMT"
128
129"Last-Modified:"
130"\x0ALast-Modified: Fri, 01 Apr, 2050 14:14:14 GMT"
131"\x0ALast-Modified: Mon, 28 Mar, 2016 04:04:04 GMT"
132
133"Expires:"
134"\x0AExpires: Fri, 01 Apr, 2050 14:14:14 GMT"
135"\x0AExpires: Mon, 28 Mar, 2016 04:04:04 GMT"
136
137"Set-Cookie:"
138"Expires"
139"Max-Age"
140"Domain"
141"Path"
142"Secure"
143"HttpOnly"
144"Priority"
145"Low"
146"Medium"
147"High"
148"SameSite"
149"Strict"
150"Lax"
151"\x0ASet-Cookie: foo=bar"
152"\x0ASet-Cookie: foo2=bar2;HttpOnly;Priority=Low;SameSite=Strict;Path=/"
153"\x0ASet-Cookie: foo=chicken;SameSite=Lax"
154
155"Strict-Transport-Security:"
156"includeSubDomains"
157
158"Vary:"
159"\x0AVary: Cookie"
160"\x0AVary: Age"
161
162"ETag:"
163"\x0AETag: jumboshrimp"
164
165
166# The entries below were generated with testing/libfuzzer/dictionary_generator.py
167# using the net_http_proxy_client_socket_fuzzer binary and RFC 2616.  NOTE(review): many of them are prose words from the RFC text rather than protocol tokens.
168"all"
169"code"
170"maximum"
171"Transfer-Encoding"
172"D.,"
173"results"
174"follow"
175"(LZW)."
176"provided."
177"(which"
178"ISDN"
179"\"TE\""
180"LF>"
181"FORCE"
182"calculate"
183"\"IETF"
184"UNIX,"
185"ARPA"
186"\"OPTIONAL\""
187"environment"
188"Host"
189"program"
190"USENET"
191"TEXT"
192"Not"
193"Nov"
194"include"
195"resources"
196"CONNECT"
197"digit"
198"supported"
199"string"
200"returning"
201"ALL"
202"HTTP/1.1;"
203"SP,"
204"SP."
205"entries"
206"HTTP/1.1,"
207"HTTP/1.1."
208"difference"
209"(URI):"
210"--"
211"[CRLF]"
212"EXPRESS"
213"list"
214"HTTP/1.0\","
215"(RFC"
216"large"
217"ONLY"
218"Tag"
219"(LWS"
220"enclosing"
221"\"SHOULD\","
222"(URL)\","
223"\"A\"..\"Z\">"
224"unexpected"
225"GET)"
226"\"HEAD\""
227"direct"
228"Failed"
229"second"
230"Version"
231"\"A\""
232"allowed."
233"pass"
234"GET,"
235"tag."
236"implemented"
237"\"HTTP/1.0\""
238"INFRINGE"
239"errors"
240"ISO-8859-4,"
241"appear"
242"opaque"
243"section"
244"CPU"
245"current"
246"waiting"
247"version"
248"above"
249"TTL"
250"shared"
251"CRLF)"
252"public"
253"FTP"
254"NNTP."
255"WWW-"
256"never"
257"equals"
258"\"HTTP/1.1"
259"reported"
260"objects"
261"address"
262"active"
263"path"
264"["
265"\"POST\""
266"HTTP."
267"change"
268"MA"
269"\"AS"
270"broken"
271"BACK)"
272"NOT"
273"NNTP"
274"named"
275"useful"
276"secure"
277"family"
278"case."
279"detected."
280"\"HTTP\""
281"private"
282"CERN/3.0"
283"CTE"
284"(CTE)"
285"Too"
286"CTL"
287"PUT,"
288"user-agent"
289"PUT)"
290"byte"
291"select"
292"use"
293"TASK"
294"from"
295"exception."
296"working"
297"to"
298"value."
299"WARRANTIES"
300"two"
301"URI;"
302"User-Agent"
303"few"
304"--THIS_STRING_SEPARATES"
305"POST,"
306"call"
307"6"
308"MUST,"
309"scope"
310"type"
311"authorization"
312"more"
313"ISO-8859-9,"
314"(GMT),"
315"(TE)"
316"name."
317"initial"
318"Required"
319"RFC-850"
320"warn"
321"bytes,"
322"Found"
323"cases"
324"MHTML"
325"name:"
326"must"
327"parse"
328"lowercase"
329"MHTML,"
330"RIGHTS"
331"this"
332"NTP"
333"work"
334"--THIS_STRING_SEPARATES--"
335"Syntax"
336"paragraph"
337"can"
338"tracing"
339"following"
340"\"I"
341"closing"
342"modifier"
343"root"
344"example"
345"requested,"
346"J.,"
347"control"
348"type."
349"reserved"
350"links"
351"process"
352"attribute"
353"allowed"
354"high"
355"currency"
356"numbers"
357"want"
358"type:"
359"native"
360"LF"
361"class,"
362"end"
363"Missing"
364"HTTP-"
365"HTTP,"
366"charset"
367"1"
368"line."
369"2*N"
370"H."
371"1XX"
372"WARRANTIES,"
373"HTTP:"
374"A"
375"badly"
376"HEAD"
377"may"
378"insecure"
379"after"
380"variant"
381"different"
382"wrong"
383"[SP"
384"ANSI,"
385"date"
386"such"
387"data"
388"parallel"
389"repeat"
390"a"
391"FTP,"
392"All"
393"short"
394"\"GET\""
395"Y."
396"UA"
397"(2**N),"
398"element"
399"so"
400"cases."
401"File"
402"(LWS)"
403"\"DEFLATE"
404"order"
405"\"SHOULD"
406"don't"
407"MIC"
408"move"
409"vary"
410"satisfied"
411"CD-ROM,"
412"ended"
413"HTTP-WG."
414"LINK,"
415"pointer"
416"its"
417"digest"
418"before"
419"HTML"
420"(OK)"
421"using:"
422"MAY,"
423"fix"
424"ISO-3166"
425"actually"
426"407"
427"(GNU"
428"\"HTTP/1.1\","
429"P.,"
430"401"
431"MERCHANTABILITY"
432"DNS."
433"into"
434"\"HTTP"
435"it."
436"it,"
437"return"
438"combination"
439"URL"
440"URI"
441"number"
442"Bad"
443"not"
444"However,"
445"SSL"
446"name"
447"always"
448"decimal"
449"expectation."
450"did"
451"ISO-639"
452"]URI,"
453"found"
454"trailer"
455"mean"
456"breakdown"
457"domain"
458"From"
459"UTC"
460"(via"
461"(URI)"
462"UNLINK"
463"used"
464"expect"
465"exceeded"
466"(MIC)"
467"event"
468"out"
469"is:"
470"by"
471"E."
472"space"
473"\"MUST/MAY/SHOULD\""
474"REQUIRED"
475"ALPHA"
476"HTTP/2.4"
477"4DIGIT"
478"increase"
479"L."
480"time."
481"PATCH,"
482"supports"
483"2DIGIT"
484"K.,"
485"(A,"
486"This"
487"free"
488"\"B\""
489"RFC"
490"base"
491"proxy"
492"IMPLIED,"
493"POST"
494"received."
495"generate"
496"text/plain"
497"ISO-8859-7,"
498"\"HTTP/1.1\""
499"Partial"
500"could"
501"transition"
502"DISCLAIMS"
503"times"
504"filter"
505"HTML\","
506"length"
507"HEAD."
508"HEAD,"
509"S.,"
510"first"
511"origin"
512"\"E\""
513"already"
514"UPALPHA"
515"3DIGIT"
516"*"
517"Cache"
518"Please"
519"token."
520"one"
521"CHAR"
522"ISI"
523"another"
524"FITNESS"
525"message"
526"CSS1,"
527"open"
528"size"
529"doesn't"
530"\""
531"script"
532"unknown"
533"top"
534"header)"
535"system"
536"construct"
537"image/gif"
538"2"
539"ignored."
540"listed"
541"Date"
542"LOALPHA"
543"scheme"
544"final"
545"store"
546"too"
547"M."
548"Success"
549"that"
550"completed"
551"OPTIONAL;"
552"task"
553"tokens"
554"R"
555"pragma"
556"(IANA"
557"WAIS"
558"F.,"
559"than"
560"(A"
561"K."
562"target"
563"16"
564"require"
565"Only"
566"WWW-Authenticate"
567"HTTP/2.13,"
568"headers"
569"See"
570"GMT."
571"HTTP/2.0,"
572"were"
573"1)"
574"IS\""
575"stale"
576"1*8ALPHA"
577"are"
578"and"
579"IRC/6.9,"
580"false"
581"URL)."
582"turned"
583"ANSI"
584"B"
585"(IANA)"
586"(LWS)."
587"have"
588"MIME,"
589"need"
590"HTTP/1.1.)"
591"null"
592"any"
593"contents"
594"conversion"
595"data)"
596"(LZ77)"
597"(MIME"
598"mechanism"
599"internal"
600"(C)"
601"take"
602"which"
603"With"
604"UCI"
605"HTTP/0.9,"
606"content-"
607"200"
608"begin"
609"headers)"
610"unless"
611"TCP/IP"
612"Content-Disposition"
613"206"
614"buffer"
615"object"
616"\"MUST\","
617"regular"
618"letter"
619"entry"
620"The"
621"]"
622"the"
623"D."
624"(STD"
625"incompatible"
626"L.,"
627"(URL)"
628"left"
629"+"
630"\"MIME"
631"Note:"
632"particularly"
633"WA"
634"text"
635"labels"
636"\"C\""
637"Authentication"
638"Unrecognized"
639"CRLF."
640"PARTICULAR"
641"CRLF,"
642"SP"
643"find"
644"MUST"
645"true,"
646"cache."
647"upgrade"
648"cache)"
649"implementation"
650"("
651"[RFC"
652"cache"
653"3"
654"should"
655"failed"
656"only"
657"unable"
658"LDAP)"
659"USA"
660"US-ASCII"
661"(UA)"
662"get"
663"E.,"
664"HEREIN"
665"\"HTTP\"."
666"cannot"
667"new"
668"THE"
669"BNF"
670"DIGIT,"
671"closure"
672"PUT"
673"0)"
674"resource"
675"A.,"
676"W."
677"Content-Type:"
678"ISO-8859."
679"calling"
680"J."
681"INCLUDING"
682"common"
683"INTERNET"
684"release"
685"ISI/RR-98-463,"
686"\"CONNECT\""
687"where"
688"set"
689"IANA"
690"For"
691"\"F\""
692"configured"
693"C"
694"this,"
695"multipart"
696"close"
697"end."
698"detect"
699"GET"
700"WWW\","
701"1*DIGIT"
702"BUT"
703"MIT"
704"outside"
705"Proxy-Authorization"
706"closed"
707"between"
708"probably"
709"boundary"
710"reading"
711"\"SHALL"
712"\"RECOMMENDED\","
713"available"
714"we"
715"FOR"
716"missing"
717"importance"
718"fetchpriority"
719"screen"
720"connection."
721"ISO-8859-1"
722"UNIX"
723"STD"
724"key"
725"(MIME)"
726"P."
727"\"HTTP/1.1\"."
728"HTTP/1.0),"
729"AND"
730"received"
731"WWW"
732"TRACE"
733"\"MAY\","
734"many"
735"*TEXT"
736"Unsupported"
737"Rules"
738"connection"
739"Unicode"
740"*OCTET"
741"exceeds"
742"(URN)"
743"safely"
744"finds"
745"can't"
746"WARRANTY"
747"ISO-8859-8,"
748"Content-Length"
749"consume"
750"stream"
751"simple"
752"header"
753"DNS)"
754"colon"
755"adding"
756"spans"
757"1*HEX"
758"table"
759"allocated"
760"BCP"
761"application/pdf"
762"LWS:"
763"\"REQUIRED\","
764"Wed,"
765"C."
766"C,"
767"Proxy-Authenticate"
768"encryption"
769"create"
770"(MHTML)\","
771"been"
772"."
773"HTTP/12.3."
774"\"OPTIONS\""
775"\"PUT\""
776"context."
777"LWS,"
778"basic"
779"expected"
780"prototype"
781"GMT,"
782"empty"
783">"
784"URL."
785"PNG,\""
786"\"D\""
787"CA"
788"HEX"
789"N"
790"0*3DIGIT"
791"\"W/\""
792"CR"
793"\"DELETE\""
794"unnecessarily"
795"case"
796"exception"
797"save"
798"(HTTP)"
799"value"
800"Assigned"
801"while"
802"\"GZIP"
803"\"SHALL\","
804"error"
805"\"GMT\""
806"\"TRACE\""
807"resident"
808"is"
809"thus"
810"it"
811"encountered"
812"Content"
813"MIME"
814"in"
815"SIGCOMM"
816"You"
817"if"
818"result"
819"binary"
820"containing"
821"\"A"
822")"
823"CREATE"
824"expired"
825"1DIGIT"
826"same"
827"OPTIONS"
828"read"
829"BNF,"
830"unrecognized"
831"units"
832"UST"
833"status"
834"\"%"
835"extended"
836"http"
837"context"
838"I"
839"IP"
840"(O)."
841"allocation"
842"running"
843"*LWS"
844"user"
845"SMTP"
846"stack"
847"tracking"
848"IETF"
849"CR."
850"failing"
851"ANY"
852"patterns"
853"M.,"
854"Names"
855"In"
856"position"
857"model"
858"audio"
859"If"
860"US-ASCII."
861"MAY"
862"THAT"
863"being"
864"(OK)."
865"actions"
866"invalid"
867"HTTP/1.0)"
868"CRC."
869"previous"
870"tables"
871"TO"
872"<US-ASCII"
873"character"
874"source"
875"ISO-8859-2,"
876"valid"
877"location"
878"HTTP/1.0"
879"HTTP/1.1"
880"size,"
881"has"
882"match"
883"build"
884"URI."
885"tests"
886"format"
887"transfer-encoding"
888"H.,"
889"T"
890"using"
891"LIMITED"
892"OK"
893"success"
894"text/html"
895"ISO-8859-5,"
896"B,"
897"signal"
898"MIME:"
899"(HTCPCP/1.0)\","
900"server"
901"discarded"
902"true"
903"OF"
904"output"
905"page"
906"S."
907"right"
908"old"
909"sequence"
910"uppercase"
911"B.,"
912"some"
913"back"
914"HT"
915"Last-Modified"
916"growth"
917"equivalent"
918"specified"
919"multiple"
920"H.F.,"
921"HTTP/1.0."
922"(BNF)"
923"happens"
924"ignore"
925"PUT."
926"INDEX."
927"trace"
928"for"
929"avoid"
930"CR,"
931"does"
932"Authorization"
933"assuming"
934"be"
935"run"
936"GET."
937"deleted"
938"302"
939"X3.4-1986"
940"<URL:"
941"O"
942"ISO-8859-1."
943"last-modified"
944"host"
945"HTTP/1.0,"
946"LWS>"
947"INFORMATION"
948"X3.4-1986,"
949"properties"
950"ALPHA,"
951"Location"
952"on"
953"DIGIT"
954"ENGINEERING"
955"actual"
956"extension"
957"of"
958"R.,"
959"\"UTF-8,"
960"*<TEXT,"
961"OR"
962"range"
963"3ALPHA"
964"URI,"
965"positive"
966"Message"
967"DELETE"
968"content-type"
969"or"
970"UC"
971"No"
972"ISO-"
973"image"
974"ACM"
975"HEX\""
976"URL,"
977"because"
978"ISO-8859-6,"
979"T.,"
980"operator"
981"T/TCP"
982"mark"
983"file."
984"area"
985"GET\""
986"transfer"
987"support"
988"there"
989"long"
990"class"
991"start"
992"HT."
993"forward"
994"was"
995"function"
996"HT,"
997"N."
998"HTTP/1.1\","
999"memory"
1000"OCTET"
1001"but"
1002"failure"
1003"TE:"
1004"IMPLIED"
1005"CRLF"
1006"DNS"
1007"Error"
1008"\"ZLIB"
1009"line"
1010"trying"
1011"with"
1012"GMT"
1013"count"
1014"algorithm"
1015"default"
1016"B."
1017"ISO-8859-1,"
1018"up"
1019"ISO-8859-1)"
1020"SHOULD"
1021"PURPOSE."
1022"limit"
1023"used."
1024"WILL"
1025"DEL"
1026"define"
1027"called"
1028"delete"
1029"DELETE,"
1030"storing"
1031"USE"
1032"image/jpeg"
1033"defined"
1034"LWS"
1035"combining"
1036"unsafe"
1037"an"
1038"To"
1039"as"
1040"warning"
1041"exist"
1042"at"
1043"file"
1044"NOT\""
1045"NOT,"
1046"W3C/MIT"
1047"ISO-8859-1:1987."
1048"SHTTP/1.3,"
1049"no"
1050"when"
1051"A,"
1052"virtual"
1053"A."
1054"details."
1055"application"
1056"other"
1057"OPTIONAL"
1058"Proxy"
1059"LF,"
1060"test"
1061"MD5"
1062"you"
1063"TE"
1064"ISO-8859-3,"
1065"requested"
1066"elements"
1067"C)"
1068"symbol"
1069"T."
1070"code)"
1071"variable"
1072"SOCIETY"
1073"\"MUST"
1074"TCP"
1075"ISO-10646\","
1076"NOT\","
1077"R."
1078"lead"
1079"audio/basic"
1080"IANA."
1081"\"WAIS"
1082"persistent"
1083"Its"
1084"As"
1085"time"
1086"failures"
1087"\"ISO-8859-1\""
1088"once"
1089
1090