From ced4edff90ebada4029d49665af869c793ae5108 Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Wed, 4 Jun 2025 17:37:25 +0900
Subject: [PATCH] Handle invalid charset in HTTP responses
---
 Subdominator/SubdomainHijack.cs | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/Subdominator/SubdomainHijack.cs b/Subdominator/SubdomainHijack.cs
index a477b71..5e618cd 100644
--- a/Subdominator/SubdomainHijack.cs
+++ b/Subdominator/SubdomainHijack.cs
@@ -438,7 +438,18 @@ public async Task IsDomainVulnerable(string domain, bool validat
 // If we didn't get NXDOMAIN'd
 if (response != null)
 {
- responseBody = await response.Content.ReadAsStringAsync();
+ try
+ {
+ responseBody = await response.Content.ReadAsStringAsync();
+ }
+ catch (InvalidOperationException)
+ {
+ // Fallback when an invalid charset is specified in the
+ // response headers. Read as bytes and assume UTF8 to avoid
+ // crashing. See GH issue #11.
+ var bytes = await response.Content.ReadAsByteArrayAsync();
+ responseBody = Encoding.UTF8.GetString(bytes);
+ }
 // Check if HTTP status matches the fingerprint
 if (fingerprint.HttpStatus.HasValue && (int)response.StatusCode == fingerprint.HttpStatus.Value)
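Review bot: The new `catch (InvalidOperationException)` around `ReadAsStringAsync()` matches on type alone, so any other InvalidOperationException raised while reading a body from the scanned (untrusted) host is treated as a charset problem and retried as UTF-8. Consider narrowing it with a filter such as `catch (InvalidOperationException ex) when (ex.InnerException is ArgumentException)`, which is how current .NET appears to surface an unknown charset; confirm this against the target runtime. `Encoding.UTF8.GetString(bytes)` substitutes U+FFFD for bytes that are not valid UTF-8, so a fingerprint containing non-ASCII text may silently fail to match on this path, and the comment should say so. The patch touches only this hunk, so `Encoding` compiles only if `using System.Text;` is already present in the file, which is not visible here. IsDomainVulnerable starts and ends outside the hunk.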