starred/whoogle-search
1
0
Fork 0
mirror of https://github.com/benbusby/whoogle-search.git synced 2026-04-25 04:05:57 +03:00
Code Issues 9 Projects Releases Packages Wiki Activity

[GH-ISSUE #553] [BUG] Query decryption issue #352

New issue
Closed
opened 2026-02-25 20:35:31 +03:00 by kerem · 5 comments
kerem commented 2026-02-25 20:35:31 +03:00
Owner
Copy link

Originally created by @FourPeaksAdmin on GitHub (Nov 23, 2021).
Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/553

Describe the bug
When doing a whoogle search, the request comes up in search perfectly fine, but then when switching to images, the address gets messed up and enters from arbitrary search query

To Reproduce
Steps to reproduce the behavior:

  1. Go to whoogle hosted address
  2. Search something and return results
  3. Switch to images tab
  4. Get arbitrary result

Deployment Method

  • [ x] Docker

Version of Whoogle Search

  • [x ] Version [0.6.0]

"Docker Network Traffic Monitor" becomes "gAAAABhn...." when switching from ALL to Images

image

image

Originally created by @FourPeaksAdmin on GitHub (Nov 23, 2021). Original GitHub issue: https://github.com/benbusby/whoogle-search/issues/553 **Describe the bug** When doing a whoogle search, the request comes up in search perfectly fine, but then when switching to images, the address gets messed up and enters from arbitrary search query **To Reproduce** Steps to reproduce the behavior: 1. Go to whoogle hosted address 2. Search something and return results 3. Switch to images tab 4. Get arbitrary result **Deployment Method** - [ x] Docker **Version of Whoogle Search** - [x ] Version [0.6.0] "Docker Network Traffic Monitor" becomes "gAAAABhn...." when switching from ALL to Images ![image](https://user-images.githubusercontent.com/57915142/143085095-af2ec32f-9ea8-482e-8f7a-e732967b657e.png) ![image](https://user-images.githubusercontent.com/57915142/143085124-f4a9988f-7cf4-45e3-8abf-212657699cf6.png)
kerem 2026-02-25 20:35:31 +03:00
kerem commented 2026-02-25 20:35:31 +03:00
Author
Owner
Copy link

@benbusby commented on GitHub (Nov 23, 2021):

It looks like your instance is failing to decrypt your search queries. The second string you're seeing is the encrypted contents of the search, but somehow your session key is being reset between actions.

Screen Shot 2021-11-23 at 12 36 04 PM Screen Shot 2021-11-23 at 12 36 14 PM

What browser are you using? Do you have any plugins enabled that block cookies?

Also, are you pulling the 0.6.0 tag or the latest tag (which also shows "Version 0.6.0" on the home page)?

<!-- gh-comment-id:977074779 --> @benbusby commented on GitHub (Nov 23, 2021): It looks like your instance is failing to decrypt your search queries. The second string you're seeing is the encrypted contents of the search, but somehow your session key is being reset between actions. <img width="963" alt="Screen Shot 2021-11-23 at 12 36 04 PM" src="https://user-images.githubusercontent.com/33362396/143092017-d5631787-82e1-4dd1-bc8c-b9b2d307fcdf.png"> <img width="952" alt="Screen Shot 2021-11-23 at 12 36 14 PM" src="https://user-images.githubusercontent.com/33362396/143092034-c4ff9932-a747-4d96-867a-ce5d097d60e7.png"> What browser are you using? Do you have any plugins enabled that block cookies? Also, are you pulling the `0.6.0` tag or the `latest` tag (which also shows "Version 0.6.0" on the home page)?
kerem commented 2026-02-25 20:35:31 +03:00
Author
Owner
Copy link

@benbusby commented on GitHub (Nov 23, 2021):

Also, for future reference, it's usually best to blur out or crop out your actual search URL in screenshots unless you want other users using your instance.

That being said, I was able to navigate to your instance home page and perform the same steps (search something -> switch to other result tab) without any issues. I'm guessing this is an issue with how your browser is performing the search, since it looks like you're searching using your browser's URL bar to perform the search. I'm curious if somehow the session key is being reset that way.

If you're not already, I'd recommend using the latest docker tag for now.

<!-- gh-comment-id:977085483 --> @benbusby commented on GitHub (Nov 23, 2021): Also, for future reference, it's usually best to blur out or crop out your actual search URL in screenshots unless you want other users using your instance. That being said, I was able to navigate to your instance home page and perform the same steps (search something -> switch to other result tab) without any issues. I'm guessing this is an issue with how your browser is performing the search, since it looks like you're searching using your browser's URL bar to perform the search. I'm curious if somehow the session key is being reset that way. If you're not already, I'd recommend using the `latest` docker tag for now.
kerem commented 2026-02-25 20:35:31 +03:00
Author
Owner
Copy link

@FourPeaksAdmin commented on GitHub (Nov 23, 2021):

Also, for future reference, it's usually best to blur out or crop out your actual search URL in screenshots unless you want other users using your instance.

That being said, I was able to navigate to your instance home page and perform the same steps (search something -> switch to other result tab) without any issues. I'm guessing this is an issue with how your browser is performing the search, since it looks like you're searching using your browser's URL bar to perform the search. I'm curious if somehow the session key is being reset that way.

If you're not already, I'd recommend using the latest docker tag for now.

I am using the latest image pulled image: benbusby/whoogle-search:latest

I also tried navigating to the search url and just doing a search from within there and like you, am not experiencing this issue.

This is the search query url I have baked into the custom search for the address bar
https://search.fourpeakslandscape.com/search?lr=&safe=off&gbv=1&nfpr=1&q=%s

As for showing my public instance, Im not concerned as I can just change the url in traefik and I can use the new URL, but thank you for the the reminder as I did technically space on that part lol.

As for the browser, im using vivaldi and on the last version of Whoogle I did not have this issue, I will test on firefox and see if the same result happens.

UPDATE
Looks like it must be a glitch in the matrix because its not happening anymore in vivaldi right now. Must just be a random thing that happens. But, since its not happening currently, not much to go on so maybe just close the ticket?

<!-- gh-comment-id:977110016 --> @FourPeaksAdmin commented on GitHub (Nov 23, 2021): > Also, for future reference, it's usually best to blur out or crop out your actual search URL in screenshots unless you want other users using your instance. > > That being said, I was able to navigate to your instance home page and perform the same steps (search something -> switch to other result tab) without any issues. I'm guessing this is an issue with how your browser is performing the search, since it looks like you're searching using your browser's URL bar to perform the search. I'm curious if somehow the session key is being reset that way. > > If you're not already, I'd recommend using the `latest` docker tag for now. I am using the latest image pulled ```image: benbusby/whoogle-search:latest``` I also tried navigating to the search url and just doing a search from within there and like you, am not experiencing this issue. This is the search query url I have baked into the custom search for the address bar ```https://search.fourpeakslandscape.com/search?lr=&safe=off&gbv=1&nfpr=1&q=%s``` As for showing my public instance, Im not concerned as I can just change the url in traefik and I can use the new URL, but thank you for the the reminder as I did technically space on that part lol. As for the browser, im using vivaldi and on the last version of Whoogle I did not have this issue, I will test on firefox and see if the same result happens. ```UPDATE``` Looks like it must be a glitch in the matrix because its not happening anymore in vivaldi right now. Must just be a random thing that happens. But, since its not happening currently, not much to go on so maybe just close the ticket?
kerem commented 2026-02-25 20:35:31 +03:00
Author
Owner
Copy link

@benbusby commented on GitHub (Nov 23, 2021):

Looks like it must be a glitch in the matrix because its not happening anymore in vivaldi right now. Must just be a random thing that happens. But, since its not happening currently, not much to go on so maybe just close the ticket?

Hmm. I'm curious why you would've encountered the issue in the first place, but I'll just close the issue in the meantime. My best guess is that something weird happened where either Vivaldi performed the search without a valid session (so using the app's default encryption key), but the next action you took (switching result tabs) had a valid session and was using a different key (and therefore unable to decrypt the query properly).

<!-- gh-comment-id:977156016 --> @benbusby commented on GitHub (Nov 23, 2021): > Looks like it must be a glitch in the matrix because its not happening anymore in vivaldi right now. Must just be a random thing that happens. But, since its not happening currently, not much to go on so maybe just close the ticket? Hmm. I'm curious why you would've encountered the issue in the first place, but I'll just close the issue in the meantime. My best guess is that something weird happened where either Vivaldi performed the search without a valid session (so using the app's default encryption key), but the next action you took (switching result tabs) had a valid session and was using a different key (and therefore unable to decrypt the query properly).
kerem commented 2026-02-25 20:35:31 +03:00
Author
Owner
Copy link

@accountForIssues commented on GitHub (Feb 17, 2022):

@benbusby I can replicate this issue (latest docker version as of Feb 16).

If I right click search a word in Firefox (Android or Fedora Linux) or Chromium, the search page URL is https://whoogle-instance/search?cookies_disabled=1 and when I click on next (page of results), the issue in OP appears.

The cookies are not disabled as I can see a cookie stored using Dev Tools. Also, the same cookie is used fine for subsequent searches.

Further, in the initial page of results, any images/resources don't appear so there is definitely an issue with decryption.

image

However, if I click on a different result tab such as images/videos, the search works properly. If I then go back and click next, the next page also works fine. So, switching result tabs lets Whoogle know of the local session so the subsequent requests are properly decrypted.

I noticed that switching result tabs perform a GET request with plain text query whereas going to the next page of results sends an encrypted query.

Can anything be done on Whoogle's side ? Like if Whoogle cannot detect a valid session (I assume that's what's happening in the initial request), then the Next page should also be requested using plain text GET.

<!-- gh-comment-id:1042643092 --> @accountForIssues commented on GitHub (Feb 17, 2022): @benbusby I can replicate this issue (latest docker version as of Feb 16). If I right click search a word in Firefox (Android or Fedora Linux) or Chromium, the search page URL is `https://whoogle-instance/search?cookies_disabled=1` and when I click on next (page of results), the issue in OP appears. The cookies are not disabled as I can see a cookie stored using Dev Tools. Also, the same cookie is used fine for subsequent searches. Further, in the initial page of results, any images/resources don't appear so there is definitely an issue with decryption. ![image](https://user-images.githubusercontent.com/52367365/154423438-01affd00-dc5f-4a24-a22f-6fa6f0c40c5c.png) However, if I click on a different result tab such as images/videos, the search works properly. If I then go back and click next, the next page also works fine. So, switching result tabs lets Whoogle know of the local session so the subsequent requests are properly decrypted. I noticed that switching result tabs perform a GET request with plain text query whereas going to the next page of results sends an encrypted query. Can anything be done on Whoogle's side ? Like if Whoogle cannot detect a valid session (I assume that's what's happening in the initial request), then the `Next` page should also be requested using plain text GET.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
dependabot/pip/python-dotenv-1.2.2
v1.2.4
v1.2.3
v1.2.2
v1.2.1-test
v1.1.2
v1.1.1-beta
v1.1.0
v1.1.0-beta
v1.0.0-beta
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.0
v0.5.4
v0.5.3
v0.5.2
v0.5.1
v0.5.0
v0.4.1
v0.4.0
v0.3.2
v0.3.1
v0.3.0
v0.2.1
0.2.0
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
v0.0.1
Labels
Clear labels   
Fixed (Pending PR Merge)

   
Stale

   
bug

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
keep-open

   
needs more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
theme

   
unfortunate
No labels
Fixed (Pending PR Merge)
Stale
bug
enhancement
enhancement
good first issue
help wanted
keep-open
needs more info
pull-request
question
theme
unfortunate
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/whoogle-search#352
No description provided.