projectdiscovery · Mzack9999 · Jun 16, 2026
diff --git a/common/authprovider/authx/basic_auth.go b/common/authprovider/authx/basic_auth.go
@@ -2,8 +2,6 @@ package authx
 
 import (
 	"net/http"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 var (
@@ -24,8 +22,3 @@ func NewBasicAuthStrategy(data *Secret) *BasicAuthStrategy {
 func (s *BasicAuthStrategy) Apply(req *http.Request) {
 	req.SetBasicAuth(s.Data.Username, s.Data.Password)
 }
-
-// ApplyOnRR applies the basic auth strategy to the retryable request
-func (s *BasicAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	req.SetBasicAuth(s.Data.Username, s.Data.Password)
-}
diff --git a/common/authprovider/authx/bearer_auth.go b/common/authprovider/authx/bearer_auth.go
@@ -2,8 +2,6 @@ package authx
 
 import (
 	"net/http"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 var (
@@ -24,8 +22,3 @@ func NewBearerTokenAuthStrategy(data *Secret) *BearerTokenAuthStrategy {
 func (s *BearerTokenAuthStrategy) Apply(req *http.Request) {
 	req.Header.Set("Authorization", "Bearer "+s.Data.Token)
 }
-
-// ApplyOnRR applies the bearer token auth strategy to the retryable request
-func (s *BearerTokenAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	req.Header.Set("Authorization", "Bearer "+s.Data.Token)
-}
diff --git a/common/authprovider/authx/cookies_auth.go b/common/authprovider/authx/cookies_auth.go
@@ -2,8 +2,6 @@ package authx
 
 import (
 	"net/http"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 var (
@@ -20,18 +18,9 @@ func NewCookiesAuthStrategy(data *Secret) *CookiesAuthStrategy {
 	return &CookiesAuthStrategy{Data: data}
 }
 
-// Apply applies the cookies auth strategy to the request
+// Apply applies the cookies auth strategy to the request, replacing any
+// existing cookies that share a name with the configured cookies.
 func (s *CookiesAuthStrategy) Apply(req *http.Request) {
-	for _, cookie := range s.Data.Cookies {
-		req.AddCookie(&http.Cookie{
-			Name:  cookie.Key,
-			Value: cookie.Value,
-		})
-	}
-}
-
-// ApplyOnRR applies the cookies auth strategy to the retryable request
-func (s *CookiesAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
 	// Build a set of cookie names to replace
 	newCookieNames := make(map[string]struct{}, len(s.Data.Cookies))
 	for _, cookie := range s.Data.Cookies {

diff --git a/common/authprovider/authx/headers_auth.go b/common/authprovider/authx/headers_auth.go
@@ -2,8 +2,6 @@ package authx
 
 import (
 	"net/http"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 var (
@@ -28,12 +26,3 @@ func (s *HeadersAuthStrategy) Apply(req *http.Request) {
 		req.Header[header.Key] = []string{header.Value}
 	}
 }
-
-// ApplyOnRR applies the headers auth strategy to the retryable request
-// NOTE: This preserves exact header casing (e.g., barAuthToken stays as barAuthToken)
-// This is useful for APIs that require case-sensitive header names
-func (s *HeadersAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	for _, header := range s.Data.Headers {
-		req.Header[header.Key] = []string{header.Value}
-	}
-}
diff --git a/common/authprovider/authx/query_auth.go b/common/authprovider/authx/query_auth.go
@@ -3,7 +3,6 @@ package authx
 import (
 	"net/http"
 
-	"github.com/projectdiscovery/retryablehttp-go"
 	urlutil "github.com/projectdiscovery/utils/url"
 )
 
@@ -30,13 +29,3 @@ func (s *QueryAuthStrategy) Apply(req *http.Request) {
 	}
 	req.URL.RawQuery = q.Encode()
 }
-
-// ApplyOnRR applies the query auth strategy to the retryable request
-func (s *QueryAuthStrategy) ApplyOnRR(req *retryablehttp.Request) {
-	q := urlutil.NewOrderedParams()
-	q.Decode(req.Request.URL.RawQuery)
-	for _, p := range s.Data.Params {
-		q.Add(p.Key, p.Value)
-	}
-	req.Request.URL.RawQuery = q.Encode()
-}
diff --git a/common/authprovider/authx/strategy.go b/common/authprovider/authx/strategy.go
@@ -2,15 +2,11 @@ package authx
 
 import (
 	"net/http"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 // AuthStrategy is an interface for auth strategies
 // basic auth , bearer token, headers, cookies, query
 type AuthStrategy interface {
 	// Apply applies the strategy to the request
 	Apply(*http.Request)
-	// ApplyOnRR applies the strategy to the retryable request
-	ApplyOnRR(*retryablehttp.Request)
 }
diff --git a/common/authprovider/authx/strategy_test.go b/common/authprovider/authx/strategy_test.go
@@ -3,8 +3,6 @@ package authx
 import (
 	"net/http"
 	"testing"
-
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 func TestBasicAuthStrategy(t *testing.T) {
@@ -31,8 +29,8 @@ func TestBasicAuthStrategy(t *testing.T) {
 	})
 
 	t.Run("ApplyOnRR", func(t *testing.T) {
-		req, _ := retryablehttp.NewRequest("GET", "http://example.com", nil)
-		strategy.ApplyOnRR(req)
+		req, _ := http.NewRequest("GET", "http://example.com", nil)
+		strategy.Apply(req)
 
 		user, pass, ok := req.BasicAuth()
 		if !ok {
@@ -65,8 +63,8 @@ func TestBearerTokenAuthStrategy(t *testing.T) {
 	})
 
 	t.Run("ApplyOnRR", func(t *testing.T) {
-		req, _ := retryablehttp.NewRequest("GET", "http://example.com", nil)
-		strategy.ApplyOnRR(req)
+		req, _ := http.NewRequest("GET", "http://example.com", nil)
+		strategy.Apply(req)
 
 		auth := req.Header.Get("Authorization")
 		expected := "Bearer mytoken123"
@@ -101,8 +99,8 @@ func TestHeadersAuthStrategy(t *testing.T) {
 	})
 
 	t.Run("ApplyOnRR", func(t *testing.T) {
-		req, _ := retryablehttp.NewRequest("GET", "http://example.com", nil)
-		strategy.ApplyOnRR(req)
+		req, _ := http.NewRequest("GET", "http://example.com", nil)
+		strategy.Apply(req)
 
 		// Use direct map access since headers preserve exact casing
 		//nolint
@@ -146,13 +144,13 @@ func TestCookiesAuthStrategy(t *testing.T) {
 	})
 
 	t.Run("ApplyOnRR replaces existing cookies", func(t *testing.T) {
-		req, _ := retryablehttp.NewRequest("GET", "http://example.com", nil)
+		req, _ := http.NewRequest("GET", "http://example.com", nil)
 		// Add existing cookie that should be replaced
 		req.AddCookie(&http.Cookie{Name: "session", Value: "old_value"})
 		// Add existing cookie that should be kept
 		req.AddCookie(&http.Cookie{Name: "other", Value: "keep_me"})
 
-		strategy.ApplyOnRR(req)
+		strategy.Apply(req)
 
 		cookies := req.Cookies()
 		found := make(map[string]string)
@@ -200,10 +198,10 @@ func TestQueryAuthStrategy(t *testing.T) {
 	})
 
 	t.Run("ApplyOnRR", func(t *testing.T) {
-		req, _ := retryablehttp.NewRequest("GET", "http://example.com/path?existing=value", nil)
-		strategy.ApplyOnRR(req)
+		req, _ := http.NewRequest("GET", "http://example.com/path?existing=value", nil)
+		strategy.Apply(req)
 
-		query := req.Request.URL.Query()
+		query := req.URL.Query()
 		if got := query.Get("api_key"); got != "secret123" {
 			t.Errorf("api_key = %v, want secret123", got)
 		}

diff --git a/common/httputilz/httputilz.go b/common/httputilz/httputilz.go
@@ -4,10 +4,10 @@ import (
 	"bufio"
 	"fmt"
 	"io"
+	"net/http"
 	"net/http/httputil"
 	"strings"
 
-	"github.com/projectdiscovery/retryablehttp-go"
 	urlutil "github.com/projectdiscovery/utils/url"
 )
 
@@ -17,8 +17,8 @@ const (
 )
 
 // DumpRequest to string
-func DumpRequest(req *retryablehttp.Request) (string, error) {
-	dump, err := httputil.DumpRequestOut(req.Request, true)
+func DumpRequest(req *http.Request) (string, error) {
+	dump, err := httputil.DumpRequestOut(req, true)
 
 	return string(dump), err
 }

diff --git a/common/httpx/dump.go b/common/httpx/dump.go
@@ -0,0 +1,69 @@
+package httpx
+
+import (
+	"io"
+	"net/http"
+	"strings"
+
+	urlutil "github.com/projectdiscovery/utils/url"
+)
+
+// rawNewLine is the wire-level line terminator used for raw request dumps.
+const rawNewLine = "\r\n"
+
+// DumpRequestRaw renders the wire-level representation of an unsafe request,
+// mirroring the previous rawhttp.DumpRequestRaw output: the request line, the
+// provided headers verbatim (adding Host from the URL only when absent) and the
+// body, separated by CRLFs. Content-Length is intentionally not synthesized,
+// matching rawhttp's dump behavior.
+func DumpRequestRaw(method, rawURL, uriPath string, headers http.Header, body io.Reader) ([]byte, error) {
+	u, err := urlutil.ParseURL(rawURL, true)
+	if err != nil {
+		return nil, err
+	}
+
+	h := headers.Clone()
+	if h == nil {
+		h = http.Header{}
+	}
+	if _, hasHost := h["Host"]; !hasHost {
+		h["Host"] = []string{u.Host}
+	}
+
+	path := u.Path
+	if path == "" {
+		path = "/"
+	}
+	if !u.Params.IsEmpty() {
+		path += "?" + u.Params.Encode()
+	}
+	// override with the custom URI path if specified
+	if uriPath != "" {
+		path = uriPath
+	}
+
+	var b strings.Builder
+	b.WriteString(method + " " + path + " HTTP/1.1" + rawNewLine)
+
+	for key, values := range h {
+		for _, value := range values {
+			if value != "" {
+				b.WriteString(key + ": " + value + rawNewLine)
+			} else {
+				b.WriteString(key + rawNewLine)
+			}
+		}
+	}
+
+	b.WriteString(rawNewLine)
+
+	if body != nil {
+		bodyBytes, err := io.ReadAll(body)
+		if err != nil {
+			return nil, err
+		}
+		b.Write(bodyBytes)
+	}
+
+	return []byte(b.String()), nil
+}
diff --git a/common/httpx/http2.go b/common/httpx/http2.go
@@ -7,7 +7,6 @@ import (
 	"net/http"
 
 	"github.com/projectdiscovery/gologger"
-	"github.com/projectdiscovery/retryablehttp-go"
 )
 
 const (
@@ -25,7 +24,7 @@ const (
 func (h *HTTPX) SupportHTTP2(protocol, method, targetURL string) bool {
 	// http => supports HTTP1.1 => HTTP/2 (H2C)
 	if protocol == HTTP {
-		req, err := retryablehttp.NewRequest(method, targetURL, nil)
+		req, err := http.NewRequestWithContext(context.Background(), method, targetURL, nil)
 		if err != nil {
 			return false
 		}