headerpwn: A fuzzing tool for server responses and HTTP headers

Author: FreeBuf

About headerpwn

HeaderPWN is a fuzzing tool for server responses and HTTP headers, which allows researchers to find network anomalies and analyze how the server responds to different HTTP headers.

Function introduction

The current version of HeaderPWN supports the following features:

1. Server security and anomaly detection;

2. HTTP header detection;

3. Test how the server responds to different HTTP headers;

4. Report output and command line display;

5. User-friendly and simple to operate;

Tool Requirements:

Go

Tool download

Since the tool is based on Go, we first need to install and configure the latest version of Go on our local device.

Next, researchers can use the following command to download and install headerpwn:

go install github.com/devanshbatham/headerpwn@<version>

Tool use

headerpwn lets researchers test various headers against a target URL and analyze the responses. It is used as follows:

1. Use the -url parameter to pass the target URL to headerpwn;

2. Create a header list file containing the headers to be tested, one header per line, and use the -headers parameter to pass the path of that file to headerpwn;

Examples of use are as follows:

headerpwn -url https://example.com -headers my_headers.txt           

The my_headers.txt data format is as follows:

Proxy-Authenticate: foobar

Proxy-Authentication-Required: foobar

Proxy-Authorization: foobar

Proxy-Connection: foobar

Proxy-Host: foobar

Proxy-Http: foobar           
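One way to perform this kind of per-header check, as an added example (not headerpwn's own code or output): it reads a list in the my_headers.txt format, sends one request per header to a local test server constructed for the example, and returns the headers whose status code differs from a baseline request. The function names and the server's 502 behaviour are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// status sends one GET carrying only the headers in h; -1 means no response.
func status(url string, h http.Header) int {
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return -1
	}
	req.Header = h
	resp, err := http.DefaultClient.Do(req)
	if err != nil {
		return -1
	}
	resp.Body.Close()
	return resp.StatusCode
}

// anomalies returns each "Name: value" line whose status differs from the baseline.
func anomalies(url, list string) (out []string) {
	base := status(url, http.Header{}) // baseline: no extra header
	for _, line := range strings.Split(list, "\n") {
		name, value, ok := strings.Cut(line, ":")
		name, value = strings.TrimSpace(name), strings.TrimSpace(value)
		// Blank or malformed lines are skipped before any request is sent.
		if ok && name != "" && status(url, http.Header{name: {value}}) != base {
			out = append(out, name+": "+value)
		}
	}
	return out
}

// demo: constructed local server that answers 502 when Proxy-Host is present.
func demo() []string {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Proxy-Host") != "" {
			w.WriteHeader(http.StatusBadGateway)
		}
	}))
	defer srv.Close()
	return anomalies(srv.URL, "Proxy-Connection: foobar\n\nProxy-Host: foobar\nnot a header\n")
}

func main() { fmt.Println(demo()) }
```

Comparing only the status code is the narrowest signal; response length and headers can be compared against the baseline in the same way.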

Proxy requests through Burp Suite

To proxy headerpwn's requests through Burp Suite, follow these steps:

Export Burp's certificate

1. In Burp Suite, go to the "Proxy" tab;

2. In the "Proxy Listeners" section, select the listener configured for 127.0.0.1:8080;

3. Click the "Import/Export CA Certificate" button;

4. In the certificate window, click "Export Certificate" and save the certificate file (e.g. burp.der);

Install Burp's certificate

1. Install the exported certificate on your system as a trusted certificate. This depends on your operating system;

2. On Windows, you can double-click the .cer file and follow the prompts to install it in the "Trusted Root Certification Authorities" store;

3. On macOS, you can double-click the .cer file and add it to the "System" keychain in the "Keychain Access" application;

4. On Linux, you may need to copy the certificate to a trusted certificate location and configure the system to trust it;

Next, run the following command:

headerpwn -url https://example.com -headers my_headers.txt -proxy 127.0.0.1:8080           

License Agreement

This project is developed and released under an open source license.

Project address

headerpwn: https://github.com/devanshbatham/headerpwn

Resources

https://github.com/danielmiessler/SecLists
